Vulnerabilities > Trendmicro > Scanmail > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2019-14688 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.
local
high complexity
trendmicro CWE-427
7.0
2017-12-16 CVE-2017-14092 Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
network
low complexity
trendmicro CWE-352
8.8
2017-12-16 CVE-2017-14091 Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
network
high complexity
trendmicro CWE-345
7.5