PT-2017-17005 · Trend Micro · Trend Micro Interscan Web Security Virtual Appliance

Published: 2017-04-05 · Updated: 2019-10-03 · CVE-2017-6338

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions 6.5 before CP 1746

Description

The issue concerns Access Control problems, allowing an authenticated, remote user with low privileges, such as Reports Only or Auditor, to perform unauthorized actions. These actions include changing FTP Access Control Settings, creating or modifying reports, or uploading an HTTPS Decryption Certificate and Private Key.

Recommendations

For versions 6.5 before CP 1746, update to a version that includes CP 1746 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected settings and features, such as FTP Access Control Settings, report creation and modification, and HTTPS Decryption Certificate and Private Key upload, to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2017-6338

Affected Products

Trend Micro Interscan Web Security Virtual Appliance