Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-04 CVE-2021-25249 Out-of-bounds Write vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-787
7.8
2021-01-27 CVE-2021-25247 Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution.
local
low complexity
trendmicro CWE-427
7.8
2020-12-17 CVE-2020-8464 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
network
low complexity
trendmicro CWE-918
7.5
2020-12-17 CVE-2020-8463 Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
network
low complexity
trendmicro CWE-22
7.5
2020-12-17 CVE-2020-8461 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
network
low complexity
trendmicro CWE-352
8.8
2020-11-18 CVE-2020-28581 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
7.2
2020-11-18 CVE-2020-28580 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
network
low complexity
trendmicro CWE-78
7.2
2020-11-18 CVE-2020-28579 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network
low complexity
trendmicro CWE-787
8.8
2020-11-18 CVE-2020-28574 Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
network
low complexity
trendmicro CWE-22
7.5
2020-11-18 CVE-2020-28572 Unspecified vulnerability in Trendmicro Apex ONE 2019
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
local
low complexity
trendmicro
7.8