Password Manager
by Trend Micro
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3987 | Cri | 0.68 | 9.8 | 0.22 | Apr 12, 2016 | The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. | ||
| CVE-2025-27582 | Hig | 0.49 | 7.6 | 0.00 | Jul 14, 2025 | The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the… | ||
| CVE-2024-9203 | Low | 0.16 | 2.5 | 0.00 | Sep 26, 2024 | A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached… | ||
| CVE-2021-32462 | 0.01 | — | 0.05 | Jul 8, 2021 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected… | |||
| CVE-2025-52837 | 0.00 | — | 0.00 | Jul 10, 2025 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege… | |||
| CVE-2025-48443 | 0.00 | — | 0.00 | Jun 17, 2025 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the… | |||
| CVE-2024-26362 | 0.00 | — | 0.01 | Apr 10, 2024 | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | |||
| CVE-2023-48654 | 0.00 | — | 0.01 | Dec 25, 2023 | One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape… | |||
| CVE-2023-51772 | 0.00 | — | 0.01 | Dec 25, 2023 | One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape… | |||
| CVE-2023-4003 | 0.00 | — | 0.00 | Sep 27, 2023 | One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | |||
| CVE-2023-25428 | 0.00 | — | 0.00 | May 12, 2023 | A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | |||
| CVE-2022-28394 | 0.00 | — | 0.00 | May 26, 2022 | EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was… | |||
| CVE-2022-30523 | 0.00 | — | 0.00 | May 16, 2022 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege… | |||
| CVE-2022-26337 | 0.00 | — | 0.01 | Mar 8, 2022 | Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the… | |||
| CVE-2021-32461 | 0.00 | — | 0.00 | Jul 8, 2021 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must… | |||
| CVE-2021-28647 | 0.00 | — | 0.00 | Apr 13, 2021 | Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. | |||
| CVE-2020-7962 | 0.00 | — | 0.01 | Nov 13, 2020 | An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password.… | |||
| CVE-2020-8469 | 0.00 | — | 0.00 | Mar 12, 2020 | Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. | |||
| CVE-2019-19696 | 0.00 | — | 0.00 | Jan 17, 2020 | A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to… | |||
| CVE-2019-15625 | 0.00 | — | 0.01 | Jan 17, 2020 | A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information. |
- risk 0.68cvss 9.8epss 0.22
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
- risk 0.49cvss 7.6epss 0.00
The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end users. Specifically, the…
- risk 0.16cvss 2.5epss 0.00
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached…
- CVE-2021-32462Jul 8, 2021risk 0.01cvss —epss 0.05
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected…
- CVE-2025-52837Jul 10, 2025risk 0.00cvss —epss 0.00
Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege…
- CVE-2025-48443Jun 17, 2025risk 0.00cvss —epss 0.00
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the…
- CVE-2024-26362Apr 10, 2024risk 0.00cvss —epss 0.01
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
- CVE-2023-48654Dec 25, 2023risk 0.00cvss —epss 0.01
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape…
- CVE-2023-51772Dec 25, 2023risk 0.00cvss —epss 0.01
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape…
- CVE-2023-4003Sep 27, 2023risk 0.00cvss —epss 0.00
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
- CVE-2023-25428May 12, 2023risk 0.00cvss —epss 0.00
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.
- CVE-2022-28394May 26, 2022risk 0.00cvss —epss 0.00
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was…
- CVE-2022-30523May 16, 2022risk 0.00cvss —epss 0.00
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege…
- CVE-2022-26337Mar 8, 2022risk 0.00cvss —epss 0.01
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the…
- CVE-2021-32461Jul 8, 2021risk 0.00cvss —epss 0.00
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must…
- CVE-2021-28647Apr 13, 2021risk 0.00cvss —epss 0.00
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program.
- CVE-2020-7962Nov 13, 2020risk 0.00cvss —epss 0.01
An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password.…
- CVE-2020-8469Mar 12, 2020risk 0.00cvss —epss 0.00
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation.
- CVE-2019-19696Jan 17, 2020risk 0.00cvss —epss 0.00
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to…
- CVE-2019-15625Jan 17, 2020risk 0.00cvss —epss 0.01
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
Page 1 of 2