Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-27695 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
local
low complexity
trendmicro CWE-426
7.8
7.8
2020-11-09 CVE-2020-27694 Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
network
low complexity
trendmicro
8.8
8.8
2020-11-09 CVE-2020-27693 Use of Password Hash With Insufficient Computational Effort vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 stores administrative passwords using a hash that is considered outdated.
local
low complexity
trendmicro CWE-916
4.4
4.4
2020-11-09 CVE-2020-27019 Missing Authentication for Critical Function vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key.
local
low complexity
trendmicro CWE-306
5.5
5.5
2020-11-09 CVE-2020-27018 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and grant access to web resources or parts of local files.
local
low complexity
trendmicro CWE-918
5.5
5.5
2020-11-09 CVE-2020-27017 XXE vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files.
network
low complexity
trendmicro CWE-611
4.9
4.9
2020-11-09 CVE-2020-27016 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page.
network
low complexity
trendmicro CWE-352
8.8
8.8
2020-10-30 CVE-2020-27015 Information Exposure Through an Error Message vulnerability in Trendmicro Antivirus 2020
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland.
local
low complexity
trendmicro CWE-209
4.4
4.4
2020-10-30 CVE-2020-27014 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Antivirus 2020
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
local
high complexity
trendmicro CWE-367
6.4
6.4
2020-10-14 CVE-2020-27013 Unspecified vulnerability in Trendmicro Antivirus 2020
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data.
local
low complexity
trendmicro
4.4
4.4