Trendmicro Scanmail vulnerabilities

CVE-2021-25252 [MEDIUM] CWE-400 CVE-2021-25252: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a me Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

CVE-2019-14688 [HIGH] CWE-427 CVE-2019-14688: Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker mus

CVE-2017-14090 [CRITICAL] CWE-326 CVE-2017-14090: A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

CVE-2017-14092 [HIGH] CWE-352 CVE-2017-14092: The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

CVE-2017-14091 [HIGH] CWE-345 CVE-2017-14091: A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installat A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.

CVE-2017-14093 [MEDIUM] CWE-79 CVE-2017-14093: The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.