jvn | Japan Vulnerability Notes | JVN:48847535
History: Jun 02, 2016 - 12:00 a.m.

JVN#48847535: Trend Micro enterprise products multiple vulnerabilities

jvn.jp

CVSS2: 5 Medium, AV:N/AC:L/Au:N/C:P/I:N/A:N
(Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: NONE; Availability Impact: NONE)

CVSS3: 6.1 Medium, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
(Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: REQUIRED; Scope: CHANGED; Confidentiality Impact: LOW; Integrity Impact: LOW; Availability Impact: NONE)

EPSS: 0.002 Low, Percentile: 60.1%

Multiple enterprise products provided by Trend Micro Incorporated contain the following vulnerabilities.

Directory Traversal - CVE-2016-1223

Version   Vector                                          Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N    Base Score: 4.3
CVSS v2   AV:A/AC:L/Au:N/C:P/I:N/A:N                      Base Score: 3.3

HTTP Header Injection - CVE-2016-1224

Version   Vector                                          Score
CVSS v3   CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N    Base Score: 5.2
CVSS v2   AV:A/AC:M/Au:N/C:N/I:P/A:N                      Base Score: 2.9

According to the developer, exploiting these vulnerabilities requires access to the LAN environment of the user.

Impact

An attacker that can access the user’s LAN environment may obtain access to files on the device. (CVE-2016-1223)
An arbitrary script may be executed on the user’s web browser. (CVE-2016-1224)

Solution

If using Office Scan 11.0:
Apply the Update Module
Contact the developer’s support center and inquire about the Update Module (HotFix).
According to the developer, applying the Critical Patch planned for release at the end of June 2016 will also address the vulnerability.

If using Worry-Free Business Security 9.0:
Update the software
According to the developer, applying Service Pack 3 planned for release at the end of June 2016 will address the vulnerabilities.

If using Worry-Free Business Security Service 5.x:
Update the software
Update the software according to the information provided by the developer.

Products Affected

  • Office Scan 11.0 (CVE-2016-1223)
  • Worry-Free Business Security 9.0 (CVE-2016-1223, CVE-2016-1224)
  • Worry-Free Business Security Service 5.x (CVE-2016-1223, CVE-2016-1224)
