Lucene search
K
TrendmicroScanmail

6 matches found

CVE
CVE
added 2020/02/20 10:50 p.m.93 views

CVE-2019-14688

This CVE affects Trend Micro installer packages. A DLL hijack vulnerability was present in an installer version used by multiple Trend Micro products and could be exploited only during the initial product installation by an authorized user. The attacker must cause the target to place a malicious ...

7CVSS6.9AI score0.01873EPSS
CVE
CVE
added 2017/12/15 2:0 p.m.63 views

CVE-2017-14091

Trend Micro ScanMail for Exchange 12.0/12 SP1 Patch 1 (SMEX) is affected by CVE-2017-14091 via its update mechanism. The issue arises when administrators configure alternative download sources for updates; those packages are not signed or validated (only size matched), enabling an attacker to ove...

7.6CVSS8.3AI score0.00741EPSS
CVE
CVE
added 2021/03/03 3:43 p.m.62 views

CVE-2021-25252

CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...

5.5CVSS5.4AI score0.00556EPSS
CVE
CVE
added 2017/12/15 2:0 p.m.60 views

CVE-2017-14090

CVE-2017-14090 affects Trend Micro ScanMail for Exchange 12.0. The vulnerability lies in the update mechanism: communications to update servers are unencrypted (HTTP) and lack certificate validation, enabling eavesdropping/tampering. Core Security’s advisory details that vulnerable update paths a...

9.1CVSS9.1AI score0.0134EPSS
CVE
CVE
added 2017/12/15 2:0 p.m.60 views

CVE-2017-14092

CVE-2017-14092 describes a Cross-Site Request Forgery vulnerability in Trend Micro ScanMail for Exchange (SMEX) 12.x web interface. Root cause: the web forms lack Anti-CSRF tokens, allowing an authenticated user who visits a malicious domain to submit authenticated requests to the SMEX web consol...

8.8CVSS8.8AI score0.00885EPSS
CVE
CVE
added 2017/12/15 2:0 p.m.56 views

CVE-2017-14093

Trend Micro ScanMail for Exchange 12.x (SMEX) contains a cross-site scripting vulnerability (CVE-2017-14093) in the Web-based Logs and Quarantine Query pages. The root cause is improper input handling on the logs/ Quarantine pages, allowing injected script via parameters such as optRemoteLog, txt...

6.1CVSS7.2AI score0.01036EPSS