Vulnerabilities > Trendmicro > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-6220 Injection vulnerability in Trendmicro Email Encryption Gateway 5.5
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
network
low complexity
trendmicro CWE-74
critical
9.8
2018-02-09 CVE-2018-3601 Improper Authentication vulnerability in Trendmicro Control Manager 6.0
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.
network
low complexity
trendmicro CWE-287
critical
9.8
2018-01-19 CVE-2017-14097 Unspecified vulnerability in Trendmicro Smart Protection Server
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
network
low complexity
trendmicro
critical
9.8
2018-01-19 CVE-2017-14094 Injection vulnerability in Trendmicro Smart Protection Server
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
network
low complexity
trendmicro CWE-74
critical
9.8
2017-12-16 CVE-2017-14090 Inadequate Encryption Strength vulnerability in Trendmicro Scanmail 12.0
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
network
low complexity
trendmicro CWE-326
critical
9.1
2017-10-06 CVE-2017-14089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
network
low complexity
trendmicro CWE-119
critical
9.8
2017-09-22 CVE-2017-14080 Improper Authentication vulnerability in Trendmicro Mobile Security 9.7
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
network
low complexity
trendmicro CWE-287
critical
9.8
2017-09-22 CVE-2017-14078 SQL Injection vulnerability in Trendmicro Mobile Security 9.7
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-89
critical
9.8
2017-08-03 CVE-2017-11394 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
9.8
2017-08-03 CVE-2017-11393 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations.
network
low complexity
trendmicro CWE-20
critical
9.8