Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Officescan
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-29 | CVE-2021-36741 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. | Apex_one, Officescan, Officescan_business_security, Worry\-Free_business_security | 8.8 | ||
| 2008-08-27 | CVE-2008-2433 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." | Client_server_messaging_suite, Officescan, Worry\-Free_business_security | 9.8 | ||
| 2020-03-18 | CVE-2020-8468 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. | Apex_one, Officescan, Worry\-Free_business_security | 8.8 | ||
| 2020-03-18 | CVE-2020-8599 | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. | Apex_one, Officescan | 9.8 | ||
| 2019-04-05 | CVE-2019-9489 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | Apex_one, Apex_one_as_a_service, Business_security, Officescan, Worry\-Free_business_security | 7.5 | ||
| 2020-09-01 | CVE-2020-24559 | A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Officescan, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2018-02-16 | CVE-2018-6218 | A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | Deep_security, Endpoint_sensor, Officescan, Security, Worry\-Free_business_security | 7.0 | ||
| 2021-03-03 | CVE-2021-25252 | Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | Apex_central, Apex_one, Cloud_edge, Control_manager, Deep_discovery_analyzer, Deep_discovery_email_inspector, Deep_discovery_inspector, Deep_security, Interscan_messaging_security_virtual_appliance, Interscan_web_security_virtual_appliance, Officescan, Portal_protect, Safe_lock, Scanmail, Scanmail_for_ibm_domino, Serverprotect, Serverprotect_for_network_appliance_filers, Serverprotect_for_storage, Worry\-Free_business_security | 5.5 | ||
| 2016-06-19 | CVE-2016-1223 | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | Officescan, Worry\-Free_business_security, Worry\-Free_business_security_services | 5.3 | ||
| 2021-08-04 | CVE-2021-32464 | An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Officescan | 7.8 |