CVE-2020-28581

Summary

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro InterScan Web Security Virtual Appliance6.5 SP2affected

Weaknesses

  • Authenticated Command Injection

ADP Enrichment

CVE Program Container

Additional References

References