5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
60.1%
Multiple enterprise products provided by Trend Micro Incorporated contain the following vulnerabilities.
Directory Traversal - CVE-2016-1223
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:A/AC:L/Au:N/C:P/I:N/A:N | Base Score: 3.3 |
HTTP Header Injection - CVE-2016-1224
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.2 |
CVSS v2 | AV:A/AC:M/Au:N/C:N/I:P/A:N | Base Score: 2.9 |
According to the developer, exploiting these vulnerabilities requires access to the LAN environment of the user.
An attacker that can access the user’s LAN environment may obtain access to files on the device. (CVE-2016-1223)
An arbitrary script may be executed on the user’s web browser. (CVE-2016-1224)
If using Office Scan 11.0:
Apply the Update Module
Contact the developer’s suuport center and inquire about the Update Module (HotFix).
According to the developer, applying the Critical Patch planned for release at the end of June 2016 will also address the vulnerability.
If using Worry-Free Business Security 9.0:
Update the software
According to the developer, applying Service Pack 3 planned for release at the end of June 2016 will address the vulnerabilities.
If using Worry-Free Business Security Service 5.x:
Update the Software
Update the software according to the information provided by the developer.
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
60.1%