Trend Micro InterScan Web Security Suite Security Bypass - Secunia Advisories - Vulnerability Intelligence - Secunia.com(情報元のブックマーク数)

IT セキュリティ

TrendmicroのIWSSでアクセス制限を回避できる脆弱性が存在とのこと。管理者アカウントで設定や色々できるみたい。管理画面の脆弱性か?

Julien Cayssol has reported a vulnerability in Trend Micro InterScan Web Security Suite, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to an access control error in multiple JSP pages and can be exploited to modify the certain configuration values and e.g. create an administrator account.

Successful exploitation requires "Auditor" or "Report Only" credentials.

The vulnerability is reported in version 3.1.

Security Advisory SA33867 - Trend Micro InterScan Web Security Suite Security Bypass - Secunia

screenshot