cvebase

Trend Micro Officescan vulnerabilities

52 known vulnerabilities affecting trend_micro/trend_micro_officescan.

Total CVEs: 52
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 19, MEDIUM 30

Vulnerabilities

Page 2 of 3
CVE-2019-9492 | P3 | HIGH | CVSS 7.8 | versions 11.0 SP1, XG (12.0) | 2019-07-26
CWE-426: A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
Source: NVD
CVE-2021-25249 | P3 | HIGH | CVSS 7.8 | version XG SP1 | 2021-02-04
CWE-787: An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
Source: NVD
CVE-2018-18331 | P3 | HIGH | CVSS 7.5 | version XG (12.0) | 2018-12-21
CWE-732: A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
Source: NVD
CVE-2021-25246 | P3 | MEDIUM | CVSS 6.5 | version XG SP1 | 2021-02-04
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could then be used to make valid configuration queries.
Source: NVD
CVE-2017-14088 | P4 | HIGH | CVSS 7.0 | versions 11.0, XG (12.0) | 2017-10-06
CWE-119: Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target sy
Source: NVD
CVE-2021-25229 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
Source: NVD
CVE-2021-25232 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
Source: NVD
CVE-2020-28583 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
Source: NVD
CVE-2020-28577 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
Source: NVD
CVE-2020-28576 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
Source: NVD
CVE-2020-28573 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
Source: NVD
CVE-2021-25231 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
Source: NVD
CVE-2021-25235 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
Source: NVD
CVE-2021-25234 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
Source: NVD
CVE-2021-25233 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
Source: NVD
CVE-2020-28582 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
Source: NVD
CVE-2021-25242 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Source: NVD
CVE-2021-25228 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
Source: NVD
CVE-2021-25240 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information.
Source: NVD
CVE-2021-25230 | P4 | MEDIUM | CVSS 5.3 | version XG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
Source: NVD