Vulnerability Description
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Interscan Web Security Virtual Appliance | <= 6.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97482Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1116960PatchVendor Advisory
- https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdfExploitTechnical DescriptionThird Party Advisory
- http://www.securityfocus.com/bid/97482Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1116960PatchVendor Advisory
- https://www.qualys.com/2017/01/12/qsa-2017-01-12/qsa-2017-01-12.pdfExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-6338?
CVE-2017-6338 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audito...
How severe is CVE-2017-6338?
CVE-2017-6338 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6338?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Interscan Web Security Virtual Appliance.