Product:

Officescan

(Trendmicro)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 71
Date Id Summary Products Score Patch Annotated
2021-02-04 CVE-2021-25230 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. Apex_one, Officescan 5.3
2018-12-21 CVE-2018-18332 A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. Officescan 7.5
2018-12-21 CVE-2018-18331 A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. Officescan 7.5
2020-08-05 CVE-2020-8607 An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit... Antivirus_toolkit, Apex_one, Deep_security, Officescan, Officescan_business_security, Officescan_business_security_service, Officescan_cloud, Online_scan, Portable_security, Rootkit_buster, Safe_lock, Serverprotect N/A
2020-03-18 CVE-2020-8467 A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. Apex_one, Officescan N/A
2020-02-20 CVE-2019-14688 Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Control_manager, Endpoint_sensor, Im_security, Mobile_security, Officescan, Scanmail, Security, Serverprotect N/A
2019-12-20 CVE-2019-19691 A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. Apex_one, Officescan N/A
2019-10-28 CVE-2019-18189 A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Apex_one, Officescan, Worry\-Free_business_security N/A
2019-10-28 CVE-2019-18187 Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. Officescan N/A
2017-05-03 CVE-2017-5481 Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Officescan 8.8