Lucene search

K
TrendmicroOfficescanxg

53 matches found

CVE
CVE
added 2021/07/29 8:15 p.m.1071 views

CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the pr...

8.8CVSS8.6AI score0.00799EPSS
CVE
CVE
added 2021/07/29 8:15 p.m.1055 views

CVE-2021-36742

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

7.8CVSS7.9AI score0.01032EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.920 views

CVE-2020-8599

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

10CVSS9.4AI score0.5842EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.908 views

CVE-2020-8467

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.

8.8CVSS9.4AI score0.07689EPSS
CVE
CVE
added 2019/10/28 8:15 p.m.905 views

CVE-2019-18187

Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote proce...

7.5CVSS7.9AI score0.71916EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.903 views

CVE-2020-8468

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

8.8CVSS8.9AI score0.04484EPSS
CVE
CVE
added 2019/07/26 2:15 p.m.336 views

CVE-2019-9492

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable s...

7.8CVSS7.8AI score0.00109EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.98 views

CVE-2020-8598

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit t...

10CVSS9.6AI score0.08463EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.96 views

CVE-2020-8470

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

9.4CVSS7.8AI score0.01122EPSS
CVE
CVE
added 2020/02/20 11:15 p.m.82 views

CVE-2019-14688

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial produ...

7CVSS6.9AI score0.00409EPSS
CVE
CVE
added 2020/09/29 12:15 a.m.79 views

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7.9AI score0.00213EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.63 views

CVE-2021-25246

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration quer...

6.5CVSS6.2AI score0.00356EPSS
CVE
CVE
added 2018/06/12 5:29 p.m.61 views

CVE-2018-10507

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulner...

4.4CVSS4.9AI score0.01078EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.61 views

CVE-2021-25232

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.

5.3CVSS5.5AI score0.0038EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute...

7.8CVSS7.8AI score0.00094EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32465

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

8.8CVSS8.9AI score0.04599EPSS
CVE
CVE
added 2019/10/28 8:15 p.m.57 views

CVE-2019-18189

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

10CVSS9.4AI score0.00595EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25233

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.

5.3CVSS5AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25234

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.

5.3CVSS5.1AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25243

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain...

5.5CVSS5.3AI score0.00148EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25229

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25249

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obta...

7.8CVSS7.5AI score0.0008EPSS
CVE
CVE
added 2019/04/05 11:29 p.m.50 views

CVE-2019-9489

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.

7.5CVSS7.5AI score0.00566EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25228

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25230

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.

5.3CVSS5AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25231

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.

5.3CVSS5AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.49 views

CVE-2021-25240

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.48 views

CVE-2021-25238

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.

5.3CVSS5AI score0.0038EPSS
CVE
CVE
added 2020/09/01 7:15 p.m.47 views

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root....

7.8CVSS7.7AI score0.00173EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.47 views

CVE-2021-25235

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2020/12/01 7:15 p.m.46 views

CVE-2020-28576

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.

5.3CVSS5.1AI score0.00846EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.45 views

CVE-2021-25236

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

5.3CVSS5.1AI score0.00421EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.45 views

CVE-2021-25239

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2018/06/08 2:29 p.m.44 views

CVE-2018-10358

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to exec...

6.3CVSS7.1AI score0.00084EPSS
CVE
CVE
added 2018/12/21 3:29 p.m.44 views

CVE-2018-18331

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.

7.5CVSS7.4AI score0.00227EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.44 views

CVE-2021-25242

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2018/06/08 2:29 p.m.41 views

CVE-2018-10506

A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the...

4.7CVSS4.8AI score0.00111EPSS
CVE
CVE
added 2020/12/01 7:15 p.m.41 views

CVE-2020-28573

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2018/06/12 5:29 p.m.40 views

CVE-2018-10508

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.

8.8CVSS8.5AI score0.00625EPSS
CVE
CVE
added 2020/12/01 7:15 p.m.40 views

CVE-2020-28583

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2018/06/08 2:29 p.m.39 views

CVE-2018-10359

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to exec...

6.3CVSS7.1AI score0.00084EPSS
CVE
CVE
added 2018/06/12 5:29 p.m.39 views

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability.

8.8CVSS8.4AI score0.00461EPSS
CVE
CVE
added 2020/12/01 7:15 p.m.37 views

CVE-2020-28577

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2020/12/01 7:15 p.m.37 views

CVE-2020-28582

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.36 views

CVE-2021-25253

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut...

7.8CVSS7.7AI score0.01093EPSS
CVE
CVE
added 2018/06/08 2:29 p.m.35 views

CVE-2018-10505

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to exec...

6.3CVSS7.1AI score0.00084EPSS
CVE
CVE
added 2018/12/21 3:29 p.m.35 views

CVE-2018-18332

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

7.5CVSS7.4AI score0.00227EPSS
CVE
CVE
added 2019/12/20 4:15 p.m.35 views

CVE-2019-19691

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.

4.9CVSS5AI score0.00533EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.33 views

CVE-2021-25250

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...

7.8CVSS7.7AI score0.0007EPSS
Total number of security vulnerabilities53