Vulnerabilities > Trendmicro > Officescan > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-01 CVE-2020-28577 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28576 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28573 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
network
low complexity
trendmicro CWE-200
5.0
2020-03-18 CVE-2020-8468 Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.
network
low complexity
trendmicro CWE-74
6.5
2020-03-18 CVE-2020-8467 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE).
network
low complexity
trendmicro
6.5
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
network
high complexity
trendmicro microsoft CWE-427
5.1
2019-12-20 CVE-2019-19691 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools.
network
low complexity
trendmicro
4.0
2019-10-28 CVE-2019-18187 Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE).
network
low complexity
trendmicro CWE-22
5.0
2019-07-26 CVE-2019-9492 Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection.
local
low complexity
trendmicro microsoft CWE-426
4.6
2019-04-05 CVE-2019-9489 Path Traversal vulnerability in Trendmicro products
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
network
low complexity
trendmicro CWE-22
5.0