Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-8466 Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
network
low complexity
trendmicro CWE-77
7.5
2020-12-17 CVE-2020-8465 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
network
low complexity
trendmicro CWE-287
critical
10.0
2020-12-17 CVE-2020-8464 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
network
low complexity
trendmicro CWE-918
5.0
2020-12-17 CVE-2020-8463 Incorrect Authorization vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
network
low complexity
trendmicro CWE-863
5.0
2020-12-17 CVE-2020-8462 Cross-Site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.
network
trendmicro CWE-79
3.5
2020-12-17 CVE-2020-8461 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
6.8
2020-12-17 CVE-2020-27010 Cross-Site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
network
trendmicro CWE-79
3.5
2020-12-01 CVE-2020-28583 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28582 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28577 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
network
low complexity
trendmicro CWE-200
5.0