cbcvebase.

Trendmicro Officescan vulnerabilities

70 known vulnerabilities affecting trendmicro/officescan.

Total CVEs
70
CISA KEV
6
actively exploited
Public exploits
9
Exploited in wild
7
Severity breakdown
CRITICAL8HIGH28MEDIUM33LOW1

Vulnerabilities

Page 1 of 4
CVE-2020-8599P1CRITICALCVSS 9.8KEVvxg2020-03-18
CVE-2020-8599 [CRITICAL] CVE-2020-8599: Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
nvd
CVE-2019-18187P1HIGHCVSS 7.5KEVv11.0vxg2019-10-28
CVE-2019-18187 [HIGH] CWE-22 CVE-2019-18187: Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a dir Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which d
nvd
CVE-2021-36741P1HIGHCVSS 8.8KEVvxg2021-07-29
CVE-2021-36741 [HIGH] CWE-434 CVE-2021-36741: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeSca An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vu
nvd
CVE-2020-8467P1HIGHCVSS 8.8KEVvxg2020-03-18
CVE-2020-8467 [HIGH] CVE-2020-8467: A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
nvd
CVE-2020-8468P1HIGHCVSS 8.8KEVvxg2020-03-18
CVE-2020-8468 [HIGH] CWE-74 CVE-2020-8468: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
nvd
CVE-2021-36742P1HIGHCVSS 7.8KEVvxg2021-07-29
CVE-2021-36742 [HIGH] CWE-20 CVE-2021-36742: A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu
nvd
CVE-2019-9489P2HIGHCVSS 7.5Exploitedv11.0vxg2019-04-05
CVE-2019-9489 [HIGH] CWE-22 CVE-2019-9489: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
nvd
CVE-2017-11394P1CRITICALCVSS 9.8PoCv11.0v12.02017-08-03
CVE-2017-11394 [CRITICAL] CWE-20 CVE-2017-11394: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attacke Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
nvd
CVE-2017-14089P2CRITICALCVSS 9.8PoCv11.0v12.02017-10-06
CVE-2017-14089 [CRITICAL] CWE-119 CVE-2017-14089: An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remo An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
nvd
CVE-2017-14084P3HIGHCVSS 8.1PoCv11.0v12.02017-10-06
CVE-2017-14084 [HIGH] CVE-2017-14084: A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
nvd
CVE-2017-14087P2HIGHCVSS 7.5PoCv11.0v12.02017-10-06
CVE-2017-14087 [HIGH] CWE-20 CVE-2017-14087: A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to s A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
nvd
CVE-2017-14083P2HIGHCVSS 7.5PoCv11.0v12.02017-10-06
CVE-2017-14083 [HIGH] CVE-2017-14083: A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can ac A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
nvd
CVE-2017-14086P3HIGHCVSS 7.5PoCv11.0v12.02017-10-06
CVE-2017-14086 [HIGH] CWE-400 CVE-2017-14086: Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may all Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
nvd
CVE-2017-11393P2CRITICALCVSS 9.8v11.0v12.02017-08-03
CVE-2017-11393 [CRITICAL] CWE-20 CVE-2017-11393: Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attacke Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
nvd
CVE-2020-8598P2CRITICALCVSS 9.8vxg2020-03-18
CVE-2020-8598 [CRITICAL] CWE-306 CVE-2020-8598: Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
nvd
CVE-2019-18189P2CRITICALCVSS 9.8v11.0vxg2019-10-28
CVE-2019-18189 [CRITICAL] CWE-22 CVE-2019-18189: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Bu A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
nvd
CVE-2017-14085P3MEDIUMCVSS 5.3PoCv11.0v12.02017-10-06
CVE-2017-14085 [MEDIUM] CWE-200 CVE-2017-14085: Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticat Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
nvd
CVE-2021-32465P2HIGHCVSS 8.8vxg2021-08-04
CVE-2021-32465 [HIGH] CWE-281 CVE-2021-32465: An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service an An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2008-2433P3CRITICALCVSS 9.8≥ 7.0, ≤ 8.02008-08-27
CVE-2008-2433 [CRITICAL] CWE-330 CVE-2008-2433: The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5 The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution throug
nvd
CVE-2017-5481P3HIGHCVSS 8.8v11.0v12.02017-05-03
CVE-2017-5481 [HIGH] CWE-200 CVE-2017-5481: Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated use Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
nvd