Search
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8468 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | |||||
| CVE-2021-36741 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2022-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | |||||
| CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | |||||
| CVE-2020-24559 | 3 Apple, Microsoft, Trendmicro | 6 Macos, Windows, Apex One and 3 more | 2021-09-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2018-6218 | 1 Trendmicro | 5 Deep Security, Endpoint Sensor, Officescan and 2 more | 2021-09-13 | 5.1 MEDIUM | 7.0 HIGH |
| A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | |||||
| CVE-2021-32465 | 1 Trendmicro | 2 Apex One, Officescan | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-32464 | 1 Trendmicro | 2 Apex One, Officescan | 2021-08-12 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-36742 | 2 Microsoft, Trendmicro | 5 Windows, Apex One, Officescan and 2 more | 2021-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-8470 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2021-07-21 | 9.4 HIGH | 7.5 HIGH |
| Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. | |||||
| CVE-2020-24562 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. | |||||
| CVE-2021-28645 | 1 Trendmicro | 2 Apex One, Officescan | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25250 | 1 Trendmicro | 2 Apex One, Officescan | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25253 | 1 Trendmicro | 2 Apex One, Officescan | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-25249 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 7.2 HIGH | 7.8 HIGH |
| An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2019-9492 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | |||||
| CVE-2018-18332 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | |||||
| CVE-2018-18331 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | |||||
| CVE-2020-8467 | 1 Trendmicro | 2 Apex One, Officescan | 2020-03-20 | 6.5 MEDIUM | 8.8 HIGH |
| A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. | |||||
| CVE-2019-14688 | 2 Microsoft, Trendmicro | 9 Windows, Control Manager, Endpoint Sensor and 6 more | 2020-03-04 | 5.1 MEDIUM | 7.0 HIGH |
| Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. | |||||
| CVE-2019-18187 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. | |||||
| CVE-2018-10508 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. | |||||
| CVE-2017-5481 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | |||||
| CVE-2017-14084 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 6.8 MEDIUM | 8.1 HIGH |
| A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | |||||
| CVE-2018-10509 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability. | |||||
| CVE-2017-14086 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | |||||
| CVE-2017-14083 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||||
| CVE-2017-14087 | 1 Trendmicro | 1 Officescan | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | |||||
| CVE-2017-14088 | 1 Trendmicro | 2 Officescan, Officescan Xg | 2017-10-13 | 6.9 MEDIUM | 7.0 HIGH |
| Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | |||||