T. Serafin

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue allows an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. This can be achieved through a cross-site request forgery (CSRF) attack. An attacker must already have obtained product administrator or root privileges to exploit this issue. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to policy rules modification until a fix is available. As a temporary workaround, ensure that administrators are cautious when accessing web pages and avoid accessing potentially malicious links. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue is related to an XML External Entity Processing (XXE) vulnerability. This could allow an authenticated administrator to read arbitrary local files. To exploit this, an attacker must already have obtained product administrator or root privileges. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to the administrator interface to minimize the risk of exploitation. As a temporary workaround, limit the privileges of administrators to reduce the potential impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue allows an authenticated attacker to abuse the product's web server, granting access to web resources or parts of local files. An attacker must already have obtained authenticated privileges on the product to exploit this issue. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to the web server until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue is an information disclosure vulnerability that could allow an attacker to access a specific database and key. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue concerns the storage of administrative passwords using an outdated hash. **Recommendations** For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1 **Description** The issue concerns a critical library in the Trend Micro InterScan Messaging Security Virtual Appliance that may be vulnerable to attack. **Recommendations** For version 9.1, update the specific critical library to prevent potential attacks.