Title: Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
Severity: MODERATE
Description:
Trend Micro InterScan Web Security Suite is a solution for internet gateways to protect networks against web-based attacks.
The application is prone to multiple security-bypass vulnerabilities that stem from access-control errors in multiple JSP pages.
Note that to exploit these issues, attackers must have an 'Auditor' or 'Report Only' account.
Successful exploits may allow attackers to access sensitive areas and to elevate privileges to perform certain restricted actions, such as modifying system configuration.
These issues affect InterScan Web Security Suite 3.1 for Windows. Reportedly, Linux versions of the application are also affected.
Affected Products:
- Trend Micro InterScan Web Security Suite for Linux 3.1
- Trend Micro InterScan Web Security Suite for Windows 3.1
References:
- Trend Micro: Critical Patch: InterScan(TM) Web Security Suite 3.1 for Windows
- Trend Micro: InterScan Web Security Suite Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
