Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-25330 Integer Overflow or Wraparound vulnerability in Trendmicro products
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution.
network, low complexity, trendmicro, CWE-190
critical, 9.8

2021-09-29 CVE-2021-36745 Forced Browsing vulnerability in Trendmicro Serverprotect 5.8/6.0
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.
network, low complexity, trendmicro, CWE-425
critical, 9.8

2020-12-17 CVE-2020-8466 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.
network, low complexity, trendmicro, CWE-78
critical, 9.8

2020-12-17 CVE-2020-8465 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.
network, low complexity, trendmicro, CWE-352
critical, 9.8

2020-11-18 CVE-2020-28578 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network, low complexity, trendmicro, CWE-787
critical, 9.8

2020-09-15 CVE-2020-24561 Command Injection vulnerability in Trendmicro Serverprotect 3.0
A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system.
network, low complexity, trendmicro, CWE-77
critical, 9.1

2020-05-27 CVE-2020-8606 Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
network, low complexity, trendmicro, CWE-287
critical, 9.8

2020-03-18 CVE-2020-8600 Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0/9.0/9.5
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
network, low complexity, trendmicro, CWE-22
critical, 9.8

2020-03-18 CVE-2020-8599 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.
network, low complexity, trendmicro
critical, 9.8

2020-03-18 CVE-2020-8598 Missing Authentication for Critical Function vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network, low complexity, trendmicro, CWE-306
critical, 9.8