Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2016-9319 Improper Certificate Validation vulnerability in Trendmicro Mobile Security
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. 		4.3
4.3
2017-03-21 CVE-2017-5565 Uncontrolled Search Path Element vulnerability in Trendmicro products
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack.
local
low complexity
trendmicro CWE-427
7.2
7.2
2017-03-14 CVE-2017-6398 Remote Code Execution vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.11600
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600.
network
low complexity
trendmicro
critical
 9.0
9.0
2017-03-10 CVE-2017-6798 Untrusted Search Path vulnerability in Trendmicro Endpoint Sensor 1.6
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
network
trendmicro CWE-426
critical
 9.3
9.3
2017-02-21 CVE-2016-9316 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.
network
trendmicro CWE-79
3.5
3.5
2017-02-21 CVE-2016-9315 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts.
network
low complexity
trendmicro CWE-264
4.0
4.0
2017-02-21 CVE-2016-9314 Information Exposure vulnerability in Trendmicro Interscan web Security Virtual Appliance
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine.
network
low complexity
trendmicro CWE-200
4.0
4.0
2017-02-21 CVE-2016-9269 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality.
network
low complexity
trendmicro CWE-264
critical
 9.0
9.0
2017-01-30 CVE-2016-6270 Command Injection vulnerability in Trendmicro Virtual Mobile Infrastructure 5.0
The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/.
network
low complexity
trendmicro CWE-77
critical
 9.0
9.0
2017-01-30 CVE-2016-6269 Path Traversal vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
network
low complexity
trendmicro CWE-22
7.5
7.5