Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can read files via the administration Web application
of Trend Micro InterScan Web Security, in order to obtain
sensitive information.

Impacted products: InterScan Web Security Suite

Severity: 2/4

Creation date: 07/11/2014

DESCRIPTION OF THE VULNERABILITY

The Trend Micro InterScan Web Security product provides an
administration Web application.

However, an authenticated user can insert file paths into some
fields of the man machine interface, in order to get the content
of any file readable by the Web server. Technical details are
unknown.

An attacker can therefore read files via the administration Web
application of Trend Micro InterScan Web Security, in order to
obtain sensitive information.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Trend-Micro-InterScan-Web-Security-file-reading-via-AdminUI-15610