SSRF in Trend Micro Interscan Web Security Virtual Appliance
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normall…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.063 (92.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Trend Micro Interscan Web Security Virtual Appliance — versions 6.5 SP2
- Trendmicro Interscan_web_security_virtual_appliance — versions 6.5
Weakness classification (CWE)
References
- security@trendmicro.com (x_refsource_MISC, Vendor Advisory)
- security@trendmicro.com (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-8464?
- CVE-2020-8464 is a high-severity vulnerability in Trend Micro Interscan Web Security Virtual Appliance, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.5/10. Published 2020-12-17.
- How severe is CVE-2020-8464?
- High severity. CVSS v3 base score is 7.5 out of 10.