CVE-2020-27016

Name of the Vulnerable Software and Affected Versions Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1

Description The issue allows an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. This can be achieved through a cross-site request forgery (CSRF) attack. An attacker must already have obtained product administrator or root privileges to exploit this issue.

Recommendations For Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) version 9.1, consider restricting access to policy rules modification until a fix is available. As a temporary workaround, ensure that administrators are cautious when accessing web pages and avoid accessing potentially malicious links. At the moment, there is no information about a newer version that contains a fix for this issue.