Vigil@nce - Trend Micro InterScan Messaging Security Virtual Appliance: three vulnerabilities
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Trend Micro
InterScan Messaging Security Virtual Appliance.
Impacted products: InterScan Messaging Security Suite.
Severity: 2/4.
Creation date: 07/10/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Trend Micro InterScan
Messaging Security Virtual Appliance.
An attacker can deceive the user, in order to redirect him to a
malicious site. [severity:1/4; CVE-2016-4914]
An attacker can trigger a Cross Site Scripting, in order to run
JavaScript code in the context of the web site. [severity:2/4;
CVE-2016-4915]
An attacker can bypass security features, in order to escalate his
privileges. [severity:2/4; CVE-2016-4916]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN