ID

VAR-201405-0430


CVE

CVE-2014-3922


TITLE

Trend Micro InterScan Messaging Security Virtual Appliance Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03460 // CNNVD: CNNVD-201405-571

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. Trend Micro InterScan Messaging Security Suite provides a high-performance, policy-based gateway security filtering solution for enterprise IT network resources, built on the enterprise's SMTP outbound gateway. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. InterScan Messaging Security Virtual Appliance 8.5.1.1516 is vulnerable; other versions may also be affected.

Trust: 2.61

sources: NVD: CVE-2014-3922 // JVNDB: JVNDB-2014-002708 // CNVD: CNVD-2014-03460 // BID: 67726 // IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03460

AFFECTED PRODUCTS

vendor: trend micro, model: interscan messaging security virtual appliance, scope: eq, version: 8.5.1.1516

Trust: 1.7

vendor: trendmicro, model: interscan messaging security virtual appliance, scope: eq, version: 8.5.1.1516

Trust: 1.6

vendor: interscan messaging security virtual appliance, model: -, scope: eq, version: 8.5.1.1516

Trust: 0.2

sources: IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03460 // BID: 67726 // JVNDB: JVNDB-2014-002708 // CNNVD: CNNVD-201405-571 // NVD: CVE-2014-3922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3922
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3922
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03460
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-571
value: MEDIUM

Trust: 0.6

IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2014-3922
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03460
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03460 // JVNDB: JVNDB-2014-002708 // CNNVD: CNNVD-201405-571 // NVD: CVE-2014-3922

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2014-002708 // NVD: CVE-2014-3922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-571

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-571

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002708

PATCH

title: InterScan Messaging Security, url: http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-002708

EXTERNAL IDS

db: NVD, id: CVE-2014-3922

Trust: 3.5

db: BID, id: 67726

Trust: 1.9

db: SECTRACK, id: 1030318

Trust: 1.0

db: PACKETSTORM, id: 126847

Trust: 1.0

db: SECUNIA, id: 58491

Trust: 1.0

db: CNVD, id: CNVD-2014-03460

Trust: 0.8

db: CNNVD, id: CNNVD-201405-571

Trust: 0.8

db: JVNDB, id: JVNDB-2014-002708

Trust: 0.8

db: OSVDB, id: 107550

Trust: 0.6

db: FULLDISC, id: 20140529 XSS ATTACKS VULNERABILITY IN INTERSCAN MESSAGING SECURITY VIRTUAL APPLIANCE 8.5.1.1516 (ZERO-DAY)

Trust: 0.6

db: IVD, id: EAAC889C-1ED3-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: eaac889c-1ed3-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03460 // BID: 67726 // JVNDB: JVNDB-2014-002708 // CNNVD: CNNVD-201405-571 // NVD: CVE-2014-3922

REFERENCES

url:http://seclists.org/fulldisclosure/2014/may/164

Trust: 2.4

url:https://vimeo.com/96757096

Trust: 1.6

url:http://packetstormsecurity.com/files/126847/interscan-messaging-security-virtual-appliance-8.5.1.1516-cross-site-scripting.html

Trust: 1.0

url:http://secunia.com/advisories/58491

Trust: 1.0

url:http://www.securityfocus.com/bid/67726

Trust: 1.0

url:http://www.securitytracker.com/id/1030318

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3922

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3922

Trust: 0.8

url:http://www.vmware.com/security/advisories/vmsa-2014-0005.html

Trust: 0.6

url:http://osvdb.com/show/osvdb/107550

Trust: 0.6

url:http://www.trendmicro.com/us/enterprise/network-security/interscan-message-security/

Trust: 0.3

sources: CNVD: CNVD-2014-03460 // BID: 67726 // JVNDB: JVNDB-2014-002708 // CNNVD: CNNVD-201405-571 // NVD: CVE-2014-3922

CREDITS

William Costa

Trust: 0.3

sources: BID: 67726

SOURCES

db: IVD, id: eaac889c-1ed3-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-03460
db: BID, id: 67726
db: JVNDB, id: JVNDB-2014-002708
db: CNNVD, id: CNNVD-201405-571
db: NVD, id: CVE-2014-3922

LAST UPDATE DATE

2024-11-23T22:35:15.658000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-03460, date: 2014-06-06T00:00:00
db: BID, id: 67726, date: 2015-04-13T21:01:00
db: JVNDB, id: JVNDB-2014-002708, date: 2014-06-03T00:00:00
db: CNNVD, id: CNNVD-201405-571, date: 2017-04-19T00:00:00
db: NVD, id: CVE-2014-3922, date: 2024-11-21T02:09:08.107

SOURCES RELEASE DATE

db: IVD, id: eaac889c-1ed3-11e6-abef-000c29c66e3d, date: 2014-06-06T00:00:00
db: CNVD, id: CNVD-2014-03460, date: 2014-06-05T00:00:00
db: BID, id: 67726, date: 2014-05-30T00:00:00
db: JVNDB, id: JVNDB-2014-002708, date: 2014-06-03T00:00:00
db: CNNVD, id: CNNVD-201405-571, date: 2014-05-30T00:00:00
db: NVD, id: CVE-2014-3922, date: 2014-05-30T14:55:09.677