Trendmicro Security Vulnerabilities
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first...
5.5CVSS
5.3AI Score
0.0004EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database...
5.3CVSS
5.1AI Score
0.009EPSS
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing...
5.3CVSS
5AI Score
0.009EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL...
5.3CVSS
5.5AI Score
0.009EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix...
5.3CVSS
5.1AI Score
0.003EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception...
5.3CVSS
5AI Score
0.009EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history...
5.3CVSS
5AI Score
0.003EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration...
5.3CVSS
5.1AI Score
0.003EPSS
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific...
5.3CVSS
5.1AI Score
0.009EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent...
5.3CVSS
5.1AI Score
0.003EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx...
5.3CVSS
5.2AI Score
0.003EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download...
5.3CVSS
5AI Score
0.003EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration...
5.3CVSS
5.1AI Score
0.009EPSS
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by...
5.3CVSS
5.1AI Score
0.009EPSS
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...
3.3CVSS
4.4AI Score
0.001EPSS
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to...
5.5CVSS
5.5AI Score
0.0004EPSS
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this...
7.8CVSS
7.9AI Score
0.001EPSS
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to...
5.5CVSS
5.5AI Score
0.0004EPSS
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to...
5.5CVSS
5.5AI Score
0.0004EPSS
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user...
9.8CVSS
8.3AI Score
0.003EPSS
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated...
9.8CVSS
9.8AI Score
0.418EPSS
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have...
7.5CVSS
8.4AI Score
0.003EPSS
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF...
8.8CVSS
9AI Score
0.001EPSS
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request...
7.5CVSS
7.5AI Score
0.004EPSS
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar...
4.8CVSS
4.8AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the...
4.8CVSS
4.8AI Score
0.001EPSS
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db...
5.3CVSS
5.1AI Score
0.012EPSS
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build...
5.3CVSS
5.1AI Score
0.012EPSS
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed...
5.3CVSS
5.1AI Score
0.012EPSS
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch...
5.3CVSS
5.1AI Score
0.012EPSS
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the...
5.3CVSS
5.1AI Score
0.012EPSS
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this...
6.7CVSS
7.1AI Score
0.001EPSS
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated...
7.2CVSS
7.4AI Score
0.035EPSS
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management...
7.5CVSS
7.6AI Score
0.003EPSS
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated...
9.8CVSS
9.7AI Score
0.027EPSS
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated...
8.8CVSS
9.2AI Score
0.012EPSS
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated...
7.2CVSS
7.4AI Score
0.035EPSS
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the...
7.8CVSS
7.5AI Score
0.001EPSS
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher...
7.8CVSS
7.5AI Score
0.0004EPSS
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the...
7.8CVSS
7.4AI Score
0.001EPSS
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the...
7.8CVSS
7.5AI Score
0.001EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered...
4.4CVSS
4.8AI Score
0.001EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files. An attacker must already have....
5.5CVSS
5.3AI Score
0.001EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to...
8.8CVSS
8.5AI Score
0.001EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges....
4.9CVSS
4.9AI Score
0.001EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and...
5.5CVSS
5.2AI Score
0.003EPSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page. An attacker must....
8.8CVSS
8.6AI Score
0.001EPSS
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on...
6.4CVSS
6.3AI Score
0.0004EPSS
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in...
4.4CVSS
4.7AI Score
0.0004EPSS
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must.....
4.4CVSS
4.8AI Score
0.001EPSS