What is the severity of CVE-2017-6340?

CVE-2017-6340 has a medium severity rating due to improper input validation and access control vulnerabilities.

What are the risks associated with CVE-2017-6340?

The risks associated with CVE-2017-6340 include potential JavaScript injection by unauthorized users, leading to data breaches or manipulation.

Who is affected by CVE-2017-6340?

CVE-2017-6340 affects users of Trend Micro InterScan Web Security Virtual Appliance version 6.5 and earlier without the CP 1746 patch.

Is CVE-2017-6340 public knowledge?

Yes, CVE-2017-6340 is publicly documented and can be referenced through various security vulnerability databases.

Vulnerability/
CVE-2017-6340

medium

5.4

CWE

5/4/2017

5/8/2024

CVE-2017-6340: XSS

Q: How do I fix CVE-2017-6340?

To fix CVE-2017-6340, you should update to Trend Micro InterScan Web Security Virtual Appliance 6.5 with CP 1746 or later versions.

First published: Wed Apr 05 2017(Updated: )

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Trend Micro InterScan Web Security Virtual Appliance	<=6.5

Remedy

https://success.trendmicro.com/solution/1116960

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6340?
CVE-2017-6340 has a medium severity rating due to improper input validation and access control vulnerabilities.
How do I fix CVE-2017-6340?
To fix CVE-2017-6340, you should update to Trend Micro InterScan Web Security Virtual Appliance 6.5 with CP 1746 or later versions.
What are the risks associated with CVE-2017-6340?
The risks associated with CVE-2017-6340 include potential JavaScript injection by unauthorized users, leading to data breaches or manipulation.
Who is affected by CVE-2017-6340?
CVE-2017-6340 affects users of Trend Micro InterScan Web Security Virtual Appliance version 6.5 and earlier without the CP 1746 patch.
Is CVE-2017-6340 public knowledge?
Yes, CVE-2017-6340 is publicly documented and can be referenced through various security vulnerability databases.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/references
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/trendmicro
canonical/trend micro interscan web security virtual appliance
version/trend micro interscan web security virtual appliance/6.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.