Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14085Sensitive Information Exposure in Micro Officescan

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
12.4%
top 6.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro OfficescanTrendmicro Officescan
Timeline
PublishedOct 6
Latest updateMay 14

Description

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDtrendmicro/officescan11.0, 12.0+1
CVEListV5trend_micro/trend_micro_officescan11.0, XG (12.0)

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-69cp-8qx2-fq5h: Information disclosure vulnerabilities in Trend Micro OfficeScan 112022-05-14
CVEList
CVE-2017-14085: Information disclosure vulnerabilities in Trend Micro OfficeScan 112017-10-05

💥Exploits & PoCs

1
Exploit-DB
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure2017-09-28
CVE-2017-14085 — Sensitive Information Exposure | cvebase