CVE-2020-27019 - OpenCVE

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Trendmicro	Interscan Messaging Security Virtual Appliance

Configuration 1 [-]

AND

cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/	Exploit Third Party Advisory
https://success.trendmicro.com/solution/000279833	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-11-09T23:10:35

Updated: 2020-11-09T23:10:34

Reserved: 2020-10-12T00:00:00

Link: CVE-2020-27019

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-09T23:15:12.287

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-27019

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "9.1"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-09T23:10:34", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/solution/000279833"}, {"tags": ["x_refsource_MISC"], "url": "https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-27019", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)", "version": {"version_data": [{"version_value": "9.1"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://success.trendmicro.com/solution/000279833", "refsource": "MISC", "url": "https://success.trendmicro.com/solution/000279833"}, {"name": "https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/", "refsource": "MISC", "url": "https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-27019", "datePublished": "2020-11-09T23:10:35", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2020-11-09T23:10:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "B200642A-40B5-46AD-815B-C844CBFF5EC2", "versionEndIncluding": "9.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key."}, {"lang": "es", "value": "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) versi\u00f3n 9.1, es susceptible a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n que podr\u00eda permitir a un atacante acceder a una base de datos y clave espec\u00edfica"}], "id": "CVE-2020-27019", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-09T23:15:12.287", "references": [{"source": "security@trendmicro.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sec-consult.com/en/blog/advisories/vulnerabilities-in-trend-micro-interscan-messaging-security-virtual-appliance-imsva/"}, {"source": "security@trendmicro.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000279833"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}