CVE-2018-18332

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.5HIGH

EPSS

0.2%

top 54.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Officescan Trendmicro Officescan

Timeline

PublishedDec 21

Latest updateMay 13

Description

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDtrendmicro/officescanxg

▶CVEListV5trend_micro/trend_micro_officescanXG (12.0)

🔴Vulnerability Details

GHSA

GHSA-8wpw-gmr4-vh34: A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modif↗2022-05-13

▶

CVEList

CVE-2018-18332: A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modif↗2018-12-21

▶