Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-27 CVE-2021-25247 Uncontrolled Search Path Element vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution.
4.4
2020-12-17 CVE-2020-8464 Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
network
low complexity
trendmicro CWE-918
5.0
2020-12-17 CVE-2020-8463 Incorrect Authorization vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
network
low complexity
trendmicro CWE-863
5.0
2020-12-17 CVE-2020-8461 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
6.8
2020-12-01 CVE-2020-28583 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28582 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28577 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28576 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
network
low complexity
trendmicro CWE-200
5.0
2020-12-01 CVE-2020-28575 Out-of-bounds Write vulnerability in Trendmicro Serverprotect 3.0
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-787
4.6
2020-12-01 CVE-2020-28573 Information Exposure vulnerability in Trendmicro Apex ONE and Officescan
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
network
low complexity
trendmicro CWE-200
5.0