Trend Micro IWSVA < 6.0 Build 1244 Information Disclosure
Medium Nessus Plugin ID 82591
SynopsisThe remote host is affected by an information disclosure vulnerability.
DescriptionThe remote host is running a version of Trend Micro InterScan Web Security Virtual Appliance prior to 6.0 Build 1244. It is, therefore, affected by an information disclosure vulnerability due to improper validation of user-supplied configuration input when saving filters in the AdminUI. An authenticated, remote attacker can exploit this issue to gain access to arbitrary files which IWSVA has read access to.
SolutionUpgrade to Trend Micro IWSVA 6.0 Build 1244 or later.