Trend Micro Officescan vulnerabilities
52 known vulnerabilities affecting trend_micro/trend_micro_officescan.
Total CVEs: 52
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 19, MEDIUM 30
Vulnerabilities
Page 3 of 3
CVE-2021-25236 | P4 | MEDIUM | CVSS 5.3 | CWE-918 | vXG SP1 | 2021-02-04
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
nvd
CVE-2020-8607 | P4 | MEDIUM | CVSS 6.7 | CWE-20 | vXG SP1 | 2020-08-05
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker
nvd
CVE-2021-25243 | P4 | MEDIUM | CVSS 5.3 | vXG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
nvd
CVE-2021-25239 | P4 | MEDIUM | CVSS 5.3 | vXG SP1 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
nvd
CVE-2021-25238 | P4 | MEDIUM | CVSS 5.3 | vXG SP1 | 2021-02-04
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
nvd
CVE-2018-10358 | P4 | MEDIUM | CVSS 6.3 | CWE-119 | v11.0 SP1, XG | 2018-06-08
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2018-10505 | P4 | MEDIUM | CVSS 6.3 | CWE-119 | v11.0 SP1, XG | 2018-06-08
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2018-10359 | P4 | MEDIUM | CVSS 6.3 | CWE-119 | v11.0 SP1, XG | 2018-06-08
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2021-25248 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | vXG SP1 | 2021-02-04
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2021-28646 | P4 | MEDIUM | CVSS 5.5 | CWE-732 | vXG SP1 | 2021-04-13
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
nvd
CVE-2018-15364 | P4 | MEDIUM | CVSS 4.7 | CWE-200 | vXG (12.0) | 2018-08-30
A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
nvd
CVE-2018-10506 | P4 | MEDIUM | CVSS 4.7 | CWE-125 | v11.0 SP1, XG | 2018-06-08
An out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target
nvd