cbcvebase.

Trend Micro Officescan vulnerabilities

52 known vulnerabilities affecting trend_micro/trend_micro_officescan.

Total CVEs
52
CISA KEV
3
actively exploited
Public exploits
8
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH19MEDIUM30

Vulnerabilities

Page 1 of 3
CVE-2019-18187P1HIGHCVSS 7.5KEVvVersion 11.0, XG (12.0)2019-10-28
CVE-2019-18187 [HIGH] CWE-22 CVE-2019-18187: Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a dir Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which d
nvd
CVE-2021-36741P1HIGHCVSS 8.8KEVvXG SP12021-07-29
CVE-2021-36741 [HIGH] CWE-434 CVE-2021-36741: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeSca An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vu
nvd
CVE-2021-36742P1HIGHCVSS 7.8KEVvXG SP12021-07-29
CVE-2021-36742 [HIGH] CWE-20 CVE-2021-36742: A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu
nvd
CVE-2017-11394P1CRITICALCVSS 9.8PoCv11, XG (12)2017-08-03
CVE-2017-11394 [CRITICAL] CWE-20 CVE-2017-11394: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attacke Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
nvd
CVE-2017-14089P2CRITICALCVSS 9.8PoCv11.0, XG (12.0)2017-10-06
CVE-2017-14089 [CRITICAL] CWE-119 CVE-2017-14089: An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remo An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
nvd
CVE-2017-14084P3HIGHCVSS 8.1PoCv11.0, XG (12.0)2017-10-06
CVE-2017-14084 [HIGH] CVE-2017-14084: A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
nvd
CVE-2017-14087P2HIGHCVSS 7.5PoCvXG (12.0)2017-10-06
CVE-2017-14087 [HIGH] CWE-20 CVE-2017-14087: A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to s A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
nvd
CVE-2017-14083P2HIGHCVSS 7.5PoCv11.0, XG (12.0)2017-10-06
CVE-2017-14083 [HIGH] CVE-2017-14083: A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can ac A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
nvd
CVE-2017-14086P3HIGHCVSS 7.5PoCv11.0, XG (12.0)2017-10-06
CVE-2017-14086 [HIGH] CWE-400 CVE-2017-14086: Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may all Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
nvd
CVE-2017-11393P2CRITICALCVSS 9.8v11, XG (12)2017-08-03
CVE-2017-11393 [CRITICAL] CWE-20 CVE-2017-11393: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attacke Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
nvd
CVE-2017-14085P3MEDIUMCVSS 5.3PoCv11.0, XG (12.0)2017-10-06
CVE-2017-14085 [MEDIUM] CWE-200 CVE-2017-14085: Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticat Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
nvd
CVE-2021-32465P2HIGHCVSS 8.8vXG SP12021-08-04
CVE-2021-32465 [HIGH] CWE-281 CVE-2021-32465: An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service an An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2018-10508P3HIGHCVSS 8.8v11.0 SP1, XG2018-06-12
CVE-2018-10508 [HIGH] CVE-2018-10508: A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
nvd
CVE-2018-10509P3HIGHCVSS 8.8v11.0 SP1, XG2018-06-12
CVE-2018-10509 [HIGH] CVE-2018-10509: A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability.
nvd
CVE-2018-10507P4MEDIUMCVSS 4.4PoCv11.0 SP1, XG2018-06-12
CVE-2018-10507 [MEDIUM] CVE-2018-10507: A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
nvd
CVE-2021-25253P3HIGHCVSS 7.8vXG SP12021-04-13
CVE-2021-25253 [HIGH] CWE-732 CVE-2021-25253: An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to
nvd
CVE-2021-25250P3HIGHCVSS 7.8vXG SP12021-04-13
CVE-2021-25250 [HIGH] CWE-732 CVE-2021-25250: An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2020-24556P3HIGHCVSS 7.8vXG SP12020-09-01
CVE-2020-24556 [HIGH] CWE-59 CVE-2020-24556: A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability
nvd
CVE-2018-18332P3HIGHCVSS 7.5vXG (12.0)2018-12-21
CVE-2018-18332 [HIGH] CWE-732 CVE-2018-18332: A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
nvd
CVE-2021-28645P3HIGHCVSS 7.8vXG SP12021-04-13
CVE-2021-28645 [HIGH] CWE-732 CVE-2021-28645: An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
Trend Micro Officescan vulnerabilities | cvebase