Vulnerabilities > Trendmicro > Officescan > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2020-8470 Unspecified vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges.
network
low complexity
trendmicro
7.5
2020-03-18 CVE-2020-8468 Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.
network
low complexity
trendmicro CWE-74
8.8
2020-03-18 CVE-2020-8467 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE).
network
low complexity
trendmicro
8.8
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2019-10-28 CVE-2019-18187 Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-22
7.5
2019-07-26 CVE-2019-9492 Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.
local
low complexity
trendmicro CWE-426
7.8
2019-04-05 CVE-2019-9489 Path Traversal vulnerability in Trendmicro products
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
network
low complexity
trendmicro CWE-22
7.5
2018-12-21 CVE-2018-18332 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
network
low complexity
trendmicro CWE-732
7.5
2018-12-21 CVE-2018-18331 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
network
low complexity
trendmicro CWE-732
7.5
2018-06-12 CVE-2018-10509 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations.
network
low complexity
trendmicro
8.8