Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-28579 Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
network
low complexity
trendmicro CWE-787
6.5
2020-11-18 CVE-2020-28574 Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0
An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
network
low complexity
trendmicro CWE-22
6.4
2020-11-18 CVE-2020-28572 Improper Privilege Management vulnerability in Trendmicro Apex ONE 2019
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
local
low complexity
trendmicro CWE-269
4.6
2020-11-18 CVE-2020-27697 Link Following vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
6.9
2020-11-18 CVE-2020-27696 Unspecified vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
local
trendmicro
6.9
2020-11-18 CVE-2020-27695 Untrusted Search Path vulnerability in Trendmicro products
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
6.9
2020-11-09 CVE-2020-27694 Unspecified vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 has updated a specific critical library that may be vulnerable to attack.
network
low complexity
trendmicro
6.5
2020-11-09 CVE-2020-27017 XML Entity Expansion vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files.
network
low complexity
trendmicro CWE-776
4.0
2020-11-09 CVE-2020-27016 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 8.5.1.1516/9.0/9.1
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a cross-site request forgery (CSRF) vulnerability which could allow an attacker to modify policy rules by tricking an authenticated administrator into accessing an attacker-controlled web page.
6.8
2020-10-30 CVE-2020-27014 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Antivirus 2020
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
6.9