Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-32462 Unspecified vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations.
network
low complexity
trendmicro
critical
9.0
2020-12-17 CVE-2020-8465 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
network
low complexity
trendmicro CWE-287
critical
10.0
2020-11-18 CVE-2020-28581 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
critical
9.0
2020-11-18 CVE-2020-28580 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
critical
9.0
2020-09-15 CVE-2020-24561 Command Injection vulnerability in Trendmicro Serverprotect 3.0
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system.
network
low complexity
trendmicro CWE-77
critical
9.0
2020-03-18 CVE-2020-8599 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.
network
low complexity
trendmicro
critical
10.0
2020-03-18 CVE-2020-8598 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
10.0
2020-03-18 CVE-2020-8470 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
9.4
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
10.0
2019-08-20 CVE-2019-14684 Untrusted Search Path vulnerability in Trendmicro Password Manager 5.0
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.
network
trendmicro CWE-426
critical
9.3