cvebase

Trend Micro OfficeScan vulnerabilities

70 known vulnerabilities affecting trendmicro/officescan.

Total CVEs: 70
CISA KEV: 6 (actively exploited)
Public exploits: 9
Exploited in wild: 7
Severity breakdown: CRITICAL 8, HIGH 28, MEDIUM 33, LOW 1

Vulnerabilities

Page 2 of 4
CVE-2018-3608 | P3 | CRITICAL | CVSS 9.8 | v11.0, v12.0 | 2018-07-06
[CRITICAL] CWE-94: A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
nvd
CVE-2018-10508 | P3 | HIGH | CVSS 8.8 | v11.0, vxg | 2018-06-12
[HIGH] A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
nvd
CVE-2020-8470 | P3 | HIGH | CVSS 7.5 | vxg | 2020-03-18
[HIGH] Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
nvd
CVE-2018-10509 | P3 | HIGH | CVSS 8.8 | v11.0, vxg | 2018-06-12
[HIGH] A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability.
nvd
CVE-2018-10507 | P4 | MEDIUM | CVSS 4.4 | PoC | v11.0, vxg | 2018-06-12
[MEDIUM] A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
nvd
CVE-2021-25253 | P3 | HIGH | CVSS 7.8 | vxg | 2021-04-13
[HIGH] CWE-732: An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to
nvd
CVE-2020-24559 | P3 | HIGH | CVSS 7.8 | vxg | 2020-09-01
[HIGH] CWE-59: A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute l
nvd
CVE-2021-32464 | P3 | HIGH | CVSS 7.8 | vxg | 2021-08-04
[HIGH] CWE-276: An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to e
nvd
CVE-2021-25250 | P3 | HIGH | CVSS 7.8 | vxg | 2021-04-13
[HIGH] CWE-732: An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2018-18332 | P3 | HIGH | CVSS 7.5 | vxg | 2018-12-21
[HIGH] CWE-732: A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
nvd
CVE-2021-28645 | P3 | HIGH | CVSS 7.8 | vxg | 2021-04-13
[HIGH] CWE-732: An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2019-9492 | P3 | HIGH | CVSS 7.8 | v11.0, vxg | 2019-07-26
[HIGH] CWE-426: A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
nvd
CVE-2020-24562 | P3 | HIGH | CVSS 7.8 | vxg | 2020-09-29
[HIGH] A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Thi
nvd
CVE-2021-25249 | P3 | HIGH | CVSS 7.8 | vxg | 2021-02-04
[HIGH] CWE-787: An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2018-18331 | P3 | HIGH | CVSS 7.5 | vxg | 2018-12-21
[HIGH] CWE-732: A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
nvd
CVE-2021-25246 | P3 | MEDIUM | CVSS 6.5 | vxg | 2021-02-04
[MEDIUM] An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
nvd
CVE-2017-14088 | P4 | HIGH | CVSS 7.0 | v11.0 | 2017-10-06
[HIGH] CWE-119: Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target sy
nvd
CVE-2016-1223 | P4 | MEDIUM | CVSS 5.3 | v11.0 | 2016-06-19
[MEDIUM] CWE-22: Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2018-6218 | P4 | HIGH | CVSS 7.0 | v11.0, v12.0 | 2018-02-16
[HIGH] CWE-426: A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
nvd
CVE-2021-25229 | P4 | MEDIUM | CVSS 5.3 | vxg | 2021-02-04
[MEDIUM] An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
nvd