CVE-2016-9315

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions prior to 6.5 CP 1737

Description A privilege escalation issue allows authenticated, remote users with least privileges to change the Master Admin's password and/or add new admin accounts. This issue was identified in the com.trend.iwss.gui.servlet.updateaccountadministration component.

Recommendations For versions prior to 6.5 CP 1737, update to version 6.5 CP 1737 to resolve the issue. As a temporary workaround, consider restricting access to the com.trend.iwss.gui.servlet.updateaccountadministration component to minimize the risk of exploitation.