Trendmicro Mobile Security vulnerabilities

CVE-2023-41176 [MEDIUM] CWE-79 CVE-2023-41176: Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177.

CVE-2023-41178 [MEDIUM] CVE-2023-41178: Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176.

CVE-2023-41177 [MEDIUM] CWE-79 CVE-2023-41177: Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) cou Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178.

CVE-2023-32521 [CRITICAL] CWE-22 CVE-2023-32521: A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.

CVE-2023-32522 [HIGH] CWE-22 CVE-2023-32522: A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2023-32524 [HIGH] CVE-2023-32524: Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that woul Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is simi

CVE-2023-35695 [HIGH] CWE-532 CVE-2023-35695: A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.

CVE-2023-32523 [HIGH] CWE-287 CVE-2023-32523: Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that woul Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This

CVE-2023-32527 [HIGH] CWE-94 CVE-2023-32527: Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a r Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical

CVE-2023-32528 [HIGH] CVE-2023-32528: Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a r Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE

CVE-2023-32526 [MEDIUM] CVE-2023-32526: Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to C

CVE-2023-32525 [MEDIUM] CWE-434 CVE-2023-32525: Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identi

CVE-2022-40980 [CRITICAL] CVE-2022-40980: A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.

CVE-2019-14688 [HIGH] CWE-427 CVE-2019-14688: Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker mus

CVE-2019-19690 [CRITICAL] CWE-521 CVE-2019-19690: Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.

CVE-2017-14082 [HIGH] CWE-200 CVE-2017-14082: An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterp An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system.

CVE-2017-14080 [CRITICAL] CWE-287 CVE-2017-14080: Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.

CVE-2017-14078 [CRITICAL] CWE-89 CVE-2017-14078: SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

CVE-2017-14081 [HIGH] CWE-77 CVE-2017-14081: Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

CVE-2017-14079 [HIGH] CWE-434 CVE-2017-14079: Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 al Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.