Lucene search

[email protected]CVE-2018-10507

HistoryJun 12, 2018 - 5:29 p.m.

CVE-2018-10507

2018-06-1217:29:00

[email protected]

web.nvd.nist.gov

vulnerability

trend micro

officescan

11.0 sp1

admin privilege

unauthorized change prevention

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4.9 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.4%

JSON

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.

Affected configurations

NVD

Node

trendmicroofficescanMatch11.0sp1

trendmicroofficescanMatchxg

trendmicroofficescanMatchxgsp1

CPENameOperatorVersion
trendmicro:officescantrendmicro officescaneq11.0
trendmicro:officescantrendmicro officescaneqxg

CPE	Name	Operator	Version
trendmicro:officescan	trendmicro officescan	eq	11.0
trendmicro:officescan	trendmicro officescan	eq	xg

CNA Affected

[
  {
    "product": "Trend Micro OfficeScan",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "11.0 SP1, XG"
      }
    ]
  }
]