Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-10507

4 documents4 sources
Severity
4.4MEDIUM
EPSS
0.8%
top 26.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Trend Micro OfficescanTrendmicro Officescan
Timeline
PublishedJun 12
Latest updateMay 13

Description

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDtrendmicro/officescan11.0, xg+1
CVEListV5trend_micro/trend_micro_officescan11.0 SP1, XG

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-9mjm-gvpm-vf93: A vulnerability in Trend Micro OfficeScan 112022-05-13
CVEList
CVE-2018-10507: A vulnerability in Trend Micro OfficeScan 112018-06-12

💥Exploits & PoCs

1
Exploit-DB
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass2018-06-08
CVE-2018-10507 (MEDIUM CVSS 4.4) | A vulnerability in Trend Micro Offi | cvebase.io