Lucene search

K
TrendmicroOfficescan

26 matches found

CVE
CVE
added 2021/07/29 8:15 p.m.1072 views

CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the pr...

8.8CVSS8.6AI score0.00799EPSS
CVE
CVE
added 2021/07/29 8:15 p.m.1056 views

CVE-2021-36742

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

7.8CVSS7.9AI score0.01032EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.63 views

CVE-2021-25246

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration quer...

6.5CVSS6.2AI score0.00356EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.61 views

CVE-2021-25232

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.

5.3CVSS5.5AI score0.0038EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute...

7.8CVSS7.8AI score0.00094EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32465

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

8.8CVSS8.9AI score0.04599EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25233

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.

5.3CVSS5AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25234

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.

5.3CVSS5.1AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25243

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain...

5.5CVSS5.3AI score0.00148EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25229

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25249

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obta...

7.8CVSS7.5AI score0.0008EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25228

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25230

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.

5.3CVSS5AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.50 views

CVE-2021-25231

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.

5.3CVSS5AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.49 views

CVE-2021-25240

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.48 views

CVE-2021-25238

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.

5.3CVSS5AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.47 views

CVE-2021-25235

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2021/03/03 4:15 p.m.46 views

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

5.5CVSS5.4AI score0.00063EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.45 views

CVE-2021-25236

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

5.3CVSS5.1AI score0.00421EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.45 views

CVE-2021-25239

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.44 views

CVE-2021-25242

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.36 views

CVE-2021-25253

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execut...

7.8CVSS7.7AI score0.01093EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.33 views

CVE-2021-25250

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileg...

7.8CVSS7.7AI score0.0007EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.32 views

CVE-2021-28645

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy...

7.8CVSS7.7AI score0.0007EPSS
CVE
CVE
added 2021/04/13 1:15 p.m.31 views

CVE-2021-28646

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.

5.5CVSS5.5AI score0.00062EPSS