Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-27 CVE-2020-8605 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations.
network
low complexity
trendmicro CWE-78
8.8
2020-05-27 CVE-2020-8604 Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
network
low complexity
trendmicro CWE-22
7.5
2020-03-18 CVE-2020-8470 Unspecified vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges.
network
low complexity
trendmicro
7.5
2020-03-18 CVE-2020-8468 Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.
network
low complexity
trendmicro CWE-74
8.8
2020-03-18 CVE-2020-8467 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE).
network
low complexity
trendmicro
8.8
2020-03-12 CVE-2020-8469 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
local
low complexity
trendmicro CWE-427
7.8
2020-02-20 CVE-2020-8601 Uncontrolled Search Path Element vulnerability in Trendmicro vulnerability Protection 2.0
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
local
low complexity
trendmicro CWE-427
7.8
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2020-01-30 CVE-2019-20358 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Anti-Threat Toolkit 1.62.0.1218
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
local
low complexity
trendmicro CWE-732
7.8
2020-01-18 CVE-2019-20357 Unquoted Search Path or Element vulnerability in Trendmicro products
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
local
low complexity
trendmicro CWE-428
7.8