Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-27697 Link Following vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
local
low complexity
trendmicro CWE-59
7.8
2020-11-18 CVE-2020-27696 Unspecified vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
local
low complexity
trendmicro
7.8
2020-11-18 CVE-2020-27695 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
local
low complexity
trendmicro CWE-426
7.8
2020-11-09 CVE-2020-27694 Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may vulnerable to attack.
network
low complexity
trendmicro
8.8
2020-11-09 CVE-2020-27016 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page.
network
low complexity
trendmicro CWE-352
8.8
2020-10-02 CVE-2020-25776 Link Following vulnerability in Trendmicro Antivirus 2019/2020
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges.
local
low complexity
trendmicro CWE-59
7.8
2020-09-29 CVE-2020-25773 Double Free vulnerability in Trendmicro Apex ONE 2019/Saas
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products.
local
low complexity
trendmicro CWE-415
7.8
2020-09-29 CVE-2020-24563 Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution.
local
low complexity
trendmicro CWE-287
7.8
2020-09-29 CVE-2020-24562 Link Following vulnerability in Trendmicro Officescan XG
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.
local
low complexity
trendmicro CWE-59
7.8
2020-09-24 CVE-2020-24560 Improper Certificate Validation vulnerability in Trendmicro products
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one.
network
low complexity
trendmicro CWE-295
7.5