Vulnerabilities > Trendmicro > Officescan > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2020-8470 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
9.4
2020-03-18 CVE-2020-8598 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
10.0
2020-03-18 CVE-2020-8599 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.
network
low complexity
trendmicro
critical
10.0
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
10.0
2018-07-06 CVE-2018-3608 Code Injection vulnerability in Trendmicro products
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
network
low complexity
trendmicro microsoft CWE-94
critical
10.0
2017-08-03 CVE-2017-11393 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2017-08-03 CVE-2017-11394 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
10.0
2008-08-27 CVE-2008-2433 Use of Insufficiently Random Values vulnerability in Trendmicro products
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.
network
low complexity
trendmicro CWE-330
critical
9.8