How severe is CVE-2016-9314?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2016-9314?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2016-9314 - HIGH Severity | CVSS 7.8

Vulnerability Description

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.

Related Vulnerabilities

CVE-2011-3177

HIGH

CVSS:7.8(High)

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...

CWE-2002011

CVE-2014-4991

HIGH

CVSS:7.8(High)

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to ob...

CWE-2002014

CVE-2014-4992

HIGH

CVSS:7.8(High)

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014

CVE-2014-4993

HIGH

CVSS:7.8(High)

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows...

CWE-2002014

CVE-2014-4997

HIGH

CVSS:7.8(High)

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014

CVE-2014-4998

HIGH

CVSS:7.8(High)

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

CWE-2002014