cbcvebase.

Trendmicro Officescan vulnerabilities

70 known vulnerabilities affecting trendmicro/officescan.

Total CVEs
70
CISA KEV
6
actively exploited
Public exploits
9
Exploited in wild
7
Severity breakdown
CRITICAL8HIGH28MEDIUM33LOW1

Vulnerabilities

Page 3 of 4
CVE-2021-25232P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25232 [MEDIUM] CVE-2021-25232: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
nvd
CVE-2020-28583P4MEDIUMCVSS 5.3vxg2020-12-01
CVE-2020-28583 [MEDIUM] CVE-2020-28583: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
nvd
CVE-2020-28577P4MEDIUMCVSS 5.3vxg2020-12-01
CVE-2020-28577 [MEDIUM] CVE-2020-28577: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
nvd
CVE-2020-28576P4MEDIUMCVSS 5.3vxg2020-12-01
CVE-2020-28576 [MEDIUM] CVE-2020-28576: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
nvd
CVE-2020-28573P4MEDIUMCVSS 5.3vxg2020-12-01
CVE-2020-28573 [MEDIUM] CVE-2020-28573: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
nvd
CVE-2021-25231P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25231 [MEDIUM] CVE-2021-25231: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
nvd
CVE-2021-25235P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25235 [MEDIUM] CVE-2021-25235: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
nvd
CVE-2021-25234P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25234 [MEDIUM] CVE-2021-25234: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
nvd
CVE-2021-25233P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25233 [MEDIUM] CVE-2021-25233: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
nvd
CVE-2019-14688P4HIGHCVSS 7.0vxg2020-02-20
CVE-2019-14688 [HIGH] CWE-427 CVE-2019-14688: Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker mus
nvd
CVE-2020-28582P4MEDIUMCVSS 5.3vxg2020-12-01
CVE-2020-28582 [MEDIUM] CVE-2020-28582: An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
nvd
CVE-2021-25242P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25242 [MEDIUM] CVE-2021-25242: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
nvd
CVE-2021-25228P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25228 [MEDIUM] CVE-2021-25228: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
nvd
CVE-2021-25240P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25240 [MEDIUM] CVE-2021-25240: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
nvd
CVE-2021-25230P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25230 [MEDIUM] CVE-2021-25230: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan X An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
nvd
CVE-2021-25236P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25236 [MEDIUM] CWE-918 CVE-2021-25236: A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
nvd
CVE-2020-8607P4MEDIUMCVSS 6.7vxg2020-08-05
CVE-2020-8607 [MEDIUM] CWE-20 CVE-2020-8607: An input validation vulnerability found in multiple Trend Micro products utilizing a particular vers An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker
nvd
CVE-2021-25243P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25243 [MEDIUM] CVE-2021-25243: An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG S An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
nvd
CVE-2021-25239P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25239 [MEDIUM] CVE-2021-25239: An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and W An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
nvd
CVE-2021-25238P4MEDIUMCVSS 5.3vxg2021-02-04
CVE-2021-25238 [MEDIUM] CVE-2021-25238: An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
nvd
Trendmicro Officescan vulnerabilities | cvebase