Vulnerabilities > Trendmicro > Scanmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-25252 | Resource Exhaustion vulnerability in Trendmicro products Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | 4.9 |
| 2020-02-20 | CVE-2019-14688 | Uncontrolled Search Path Element vulnerability in Trendmicro products Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. | 5.1 |
| 2017-12-16 | CVE-2017-14093 | Cross-site Scripting vulnerability in Trendmicro Scanmail 12.0 The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | 4.3 |
| 2017-12-16 | CVE-2017-14092 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0 The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 6.8 |
| 2017-12-16 | CVE-2017-14091 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0 A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | 7.6 |
| 2017-12-16 | CVE-2017-14090 | Inadequate Encryption Strength vulnerability in Trendmicro Scanmail 12.0 A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | 6.4 |