Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Officescan
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-08-27 | CVE-2008-2433 | The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." | Client_server_messaging_suite, Officescan, Worry\-Free_business_security | 9.8 | ||
| 2019-04-05 | CVE-2019-9489 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | Apex_one, Apex_one_as_a_service, Business_security, Officescan, Worry\-Free_business_security | 7.5 | ||
| 2018-02-16 | CVE-2018-6218 | A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | Deep_security, Endpoint_sensor, Officescan, Security, Worry\-Free_business_security | 7.0 | ||
| 2016-06-19 | CVE-2016-1223 | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | Officescan, Worry\-Free_business_security, Worry\-Free_business_security_services | 5.3 | ||
| 2018-12-21 | CVE-2018-18332 | A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | Officescan | 7.5 | ||
| 2018-12-21 | CVE-2018-18331 | A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | Officescan | 7.5 | ||
| 2020-02-20 | CVE-2019-14688 | Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. | Control_manager, Endpoint_sensor, Im_security, Mobile_security, Officescan, Scanmail, Security, Serverprotect | N/A | ||
| 2019-12-20 | CVE-2019-19691 | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. | Apex_one, Officescan | N/A | ||
| 2019-10-28 | CVE-2019-18189 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | Apex_one, Officescan, Worry\-Free_business_security | N/A | ||
| 2017-05-03 | CVE-2017-5481 | Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | Officescan | 8.8 |