Vulnerabilities > Trendmicro > Worry Free Business Security > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-18 CVE-2020-8470 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
9.4
2020-03-18 CVE-2020-8598 Improper Input Validation vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network
low complexity
trendmicro CWE-20
critical
10.0
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
10.0
2008-08-27 CVE-2008-2433 Use of Insufficiently Random Values vulnerability in Trendmicro products
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.
network
low complexity
trendmicro CWE-330
critical
9.8