Vulnerabilities > Trendmicro > Worry Free Business Security

DATE CVE VULNERABILITY TITLE RISK
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
10.0
2019-04-05 CVE-2019-9489 Path Traversal vulnerability in Trendmicro products
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
network
low complexity
trendmicro CWE-22
5.0
2018-02-16 CVE-2018-6218 Untrusted Search Path vulnerability in Trendmicro products
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
network
high complexity
trendmicro CWE-426
5.1
2016-06-19 CVE-2016-1224 Cross-site Scripting vulnerability in Trendmicro products
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
trendmicro CWE-79
4.3
2016-06-19 CVE-2016-1223 Path Traversal vulnerability in Trendmicro products
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
trendmicro CWE-22
5.0
2008-08-27 CVE-2008-2433 Use of Insufficiently Random Values vulnerability in Trendmicro products
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.
network
low complexity
trendmicro CWE-330
critical
9.8