Details of VAR-201608-0469

ID

VAR-201608-0469

CVE

CVE-2016-4916

TITLE

Trend Micro InterScan Messaging Security Virtual Appliance Cross-site scripting vulnerability and open redirect vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201609-385

DESCRIPTION

Trend Micro InterScan Messaging Security Virtual Appliance is prone to the following security vulnerabilities: 1. A cross-site scripting vulnerability 2. An open-redirection vulnerability 3. Multiple security vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials, to bypass the authentication mechanism and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 8.5 are vulnerable.

Trust: 0.3

sources: BID: 92776

AFFECTED PRODUCTS

vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	9.0	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance	scope:	eq	version:	8.5	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance build	scope:	ne	version:	9.01579	Trust: 0.3
vendor:	trend micro	model:	interscan messaging security virtual appliance buld	scope:	ne	version:	8.51661	Trust: 0.3

sources: BID: 92776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-385

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-385

PATCH

title:

Trend Micro InterScan Messaging Security Virtual Appliance Fixes for cross-site scripting vulnerabilities and open redirection vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64179

Trust: 0.6

sources: CNNVD: CNNVD-201609-385

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4916	Trust: 0.9
db:	BID	id:	92776	Trust: 0.9
db:	CNNVD	id:	CNNVD-201609-385	Trust: 0.6

sources: BID: 92776 // CNNVD: CNNVD-201609-385

REFERENCES

url:	http://www.securityfocus.com/bid/92776	Trust: 0.6
url:	http://www.trend.com	Trust: 0.3
url:	https://success.trendmicro.com/solution/1114746	Trust: 0.3

sources: BID: 92776 // CNNVD: CNNVD-201609-385

CREDITS

Spyridon Chatzimichail of OTE Hellenic Telecommunications Organization S.A

Trust: 0.9

sources: BID: 92776 // CNNVD: CNNVD-201609-385

SOURCES

db:	BID	id:	92776
db:	CNNVD	id:	CNNVD-201609-385

LAST UPDATE DATE

2022-05-04T08:56:37.839000+00:00

SOURCES UPDATE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-385	date:	2017-04-19T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	92776	date:	2016-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201609-385	date:	2016-08-16T00:00:00