9 matches found
CVE-2023-28005
Summary: CVE-2023-28005 affects Trend Micro Endpoint Encryption Full Disk Encryption (TMEE FDE) โค 6.0.0.3204. The issue enables bypass of the Windows Secure Boot process when an attacker has physical access, potentially enabling further attacks to access device contents. The encrypted drive remai...
CVE-2025-49212
CVE-2025-49212 affects Trend Micro Endpoint Encryption PolicyServer. An insecure deserialization operation could allow pre-authentication remote code execution on affected installations. The CVSSv3.1 vector is NETWORK/LOW/ NONE, with HIGH impact on confidentiality, integrity, and availability (ba...
CVE-2025-49213
CVE-2025-49213 describes an insecure deserialization flaw in the Trend Micro Endpoint Encryption PolicyServer that could allow pre-authentication remote code execution on affected installations. According to the available description, the vulnerability is in a different method than CVE-2025-49212...
CVE-2025-49211
CVE-2025-49211 describes a SQL injection in Trend Micro Endpoint Encryption PolicyServer that can escalate privileges. Public details identify the flaw in the BuildEnterpriseSearchString SQL construction as the root cause and note that authentication is reportedly required but can be bypassed to ...
CVE-2025-49216
The CVE-2025-49216 entry relates to Trend Micro Endpoint Encryption PolicyServer. The connected ZDI advisory (ZDI-25-373) states an authentication bypass exists in the DbAppDomain service, enabling remote attackers to bypass authentication and act with admin-level access to modify product configu...
CVE-2025-49218
CVE-2025-49218 describes a post-auth SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that could allow privilege escalation. The affected component is the PolicyServerโs handling of SQL queries after an attacker already has execution capability with low privileges on th...
CVE-2025-49217
CVE-2025-49217 pertains to Trend Micro Endpoint Encryption PolicyServer and describes an insecure deserialization vulnerability that could allow pre-authentication remote code execution on affected installations. The CVE entry notes this issue is similar to CVE-2025-49213 but in a different metho...
CVE-2025-49214
CVE-2025-49214 concerns Trend Micro Endpoint Encryption PolicyServer with an insecure deserialization flaw that could enable post-auth remote code execution. Affected component/behavior: deserialization function in PolicyServer; root cause described as insecure deserialization. Impact: high acros...
CVE-2025-49215
CVE-2025-49215 describes a post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer that can lead to privilege escalation on affected installations. The main affected component is PolicyServer; the underlying issue is an SQL injection flaw exploitable after the at...