Vulnerabilities > Trendmicro > Officescan

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-19691 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools.
network
low complexity
trendmicro
4.9
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
9.8
2019-10-28 CVE-2019-18187 Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-22
7.5
2019-07-26 CVE-2019-9492 Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.
local
low complexity
trendmicro CWE-426
7.8
2019-04-05 CVE-2019-9489 Path Traversal vulnerability in Trendmicro products
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
network
low complexity
trendmicro CWE-22
7.5
2018-12-21 CVE-2018-18332 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
network
low complexity
trendmicro CWE-732
7.5
2018-12-21 CVE-2018-18331 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
network
low complexity
trendmicro CWE-732
7.5
2018-07-06 CVE-2018-3608 Code Injection vulnerability in Trendmicro products
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
network
low complexity
trendmicro CWE-94
critical
9.8
2018-06-12 CVE-2018-10509 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations.
network
low complexity
trendmicro
8.8
2018-06-12 CVE-2018-10508 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations.
network
low complexity
trendmicro
8.8