CVE-2017-11396: Code Injection
First published: Fri Sep 22 2017(Updated: )
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro InterScan Web Security Virtual Appliance | =6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11396?
CVE-2017-11396 has been classified as a critical vulnerability due to its potential for remote code execution by attackers with administrative access.
How do I fix CVE-2017-11396?
To remediate CVE-2017-11396, ensure you update to the latest version of Trend Micro Web Security Virtual Appliance, as patches addressing this vulnerability will be provided.
Who is affected by CVE-2017-11396?
CVE-2017-11396 affects users of Trend Micro Web Security Virtual Appliance version 6.5 who possess administrative rights.
What types of attacks can be executed through CVE-2017-11396?
CVE-2017-11396 could allow attackers to perform remote code injections on the affected system.
Is CVE-2017-11396 a zero-day vulnerability?
CVE-2017-11396 is not a zero-day vulnerability as it was publicly disclosed and a patch is available for mitigation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro interscan web security virtual appliance
- version/trend micro interscan web security virtual appliance/6.5