Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-27 CVE-2020-8605 OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations.
network
low complexity
trendmicro CWE-78
6.5
2020-05-27 CVE-2020-8604 Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
network
low complexity
trendmicro CWE-22
5.0
2020-05-27 CVE-2020-8603 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations.
network
trendmicro CWE-79
4.3
2020-03-18 CVE-2020-8468 Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components.
network
low complexity
trendmicro CWE-74
6.5
2020-03-18 CVE-2020-8467 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE).
network
low complexity
trendmicro
6.5
2020-03-12 CVE-2020-8469 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager 5.0
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
6.9
2020-02-20 CVE-2020-8601 Uncontrolled Search Path Element vulnerability in Trendmicro vulnerability Protection 2.0
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.
local
low complexity
trendmicro CWE-427
4.6
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
network
high complexity
trendmicro microsoft CWE-427
5.1
2020-01-30 CVE-2019-20358 Improper Input Validation vulnerability in Trendmicro Anti-Threat Toolkit 1.62.0.1218
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
network
high complexity
trendmicro CWE-20
5.1
2019-12-24 CVE-2019-19695 Link Following vulnerability in Trendmicro Antivirus 9.0.1379
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
network
low complexity
trendmicro CWE-59
5.0