Rewterz Threat Advisory – CVE-2021-31521 – Trend Micro InterScan Web Security Virtual Appliance Vulnerability

June 18, 2021

Severity

Medium

Analysis Summary

CVE-2021-31521

Trend Micro InterScan Web Security Virtual Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Captive Portal. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Credential Theft
Session Hijacking

Affected Vendors

Trend Micro

Affected Products

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5

Remediation

Download the latest patches and updates provided on the vendor website at https://success.trendmicro.com/solution/000286452

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs

Tinba aka TinyBanker Trojan – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Lokibot Malware – Active IOCs

Rewterz Threat Advisory – Microsoft 3D Viewer Zero-Day Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.