Vulnerabilities > Trendmicro > Officescan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-01 | CVE-2020-28577 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | 5.0 |
| 2020-12-01 | CVE-2020-28576 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | 5.0 |
| 2020-12-01 | CVE-2020-28573 | Information Exposure vulnerability in Trendmicro Apex ONE and Officescan An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | 5.0 |
| 2020-03-18 | CVE-2020-8468 | Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. | 6.5 |
| 2020-03-18 | CVE-2020-8467 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). | 6.5 |
| 2020-02-20 | CVE-2019-14688 | Uncontrolled Search Path Element vulnerability in Trendmicro products Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. | 5.1 |
| 2019-12-20 | CVE-2019-19691 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. | 4.0 |
| 2019-10-28 | CVE-2019-18187 | Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). | 5.0 |
| 2019-07-26 | CVE-2019-9492 | Untrusted Search Path vulnerability in Trendmicro Officescan 11.0/Xg A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. | 4.6 |
| 2019-04-05 | CVE-2019-9489 | Path Traversal vulnerability in Trendmicro products A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | 5.0 |