Vulnerabilities > Trendmicro > Scanmail

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
5.5
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2017-12-16 CVE-2017-14093 Cross-site Scripting vulnerability in Trendmicro Scanmail 12.0
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
network
low complexity
trendmicro CWE-79
6.1
2017-12-16 CVE-2017-14092 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
network
low complexity
trendmicro CWE-352
8.8
2017-12-16 CVE-2017-14091 Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
network
high complexity
trendmicro CWE-345
7.5
2017-12-16 CVE-2017-14090 Inadequate Encryption Strength vulnerability in Trendmicro Scanmail 12.0
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
network
low complexity
trendmicro CWE-326
critical
9.1