Vulnerabilities > Trendmicro > Worry Free Business Security > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2021-25238 | Information Exposure vulnerability in Trendmicro Officescan and Worry-Free Business Security An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | 5.0 |
| 2021-02-04 | CVE-2021-25236 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Officescan and Worry-Free Business Security A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | 5.0 |
| 2021-02-04 | CVE-2021-25234 | Information Exposure vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. | 5.0 |
| 2021-02-04 | CVE-2021-25233 | Information Exposure vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. | 5.0 |
| 2021-02-04 | CVE-2021-25231 | Information Exposure vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. | 5.0 |
| 2021-02-04 | CVE-2021-25228 | Incorrect Authorization vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | 5.0 |
| 2020-11-18 | CVE-2020-28574 | Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0 A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | 6.4 |
| 2020-03-18 | CVE-2020-8468 | Injection vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. | 6.5 |
| 2019-04-05 | CVE-2019-9489 | Path Traversal vulnerability in Trendmicro products A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | 5.0 |
| 2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trendmicro products A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 5.1 |