VYPR

Officescan

by Trend Micro

CVEs (97)

  • CVE-2021-25228Feb 4, 2021
    risk 0.00cvss epss 0.02

    An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.

  • CVE-2020-28583Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.

  • CVE-2020-28582Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.

  • CVE-2020-28576Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.

  • CVE-2020-28577Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.

  • CVE-2020-28573Dec 1, 2020
    risk 0.00cvss epss 0.03

    An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.

  • CVE-2020-24562Sep 28, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute…

  • CVE-2020-24556Sep 1, 2020
    risk 0.00cvss epss 0.01

    A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a…

  • CVE-2020-8470Mar 18, 2020
    risk 0.00cvss epss 0.04

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this…

  • CVE-2019-19691Dec 20, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this…

  • CVE-2019-18189Oct 28, 2019
    risk 0.00cvss epss 0.05

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not…

  • CVE-2019-9492Jul 26, 2019
    risk 0.00cvss epss 0.01

    A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access…

  • CVE-2019-9489Apr 5, 2019
    risk 0.00cvss epss 0.02

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.

  • CVE-2018-18332Dec 21, 2018
    risk 0.00cvss epss 0.01

    A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.

  • CVE-2018-18331Dec 21, 2018
    risk 0.00cvss epss 0.01

    A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.

  • CVE-2010-0564Feb 10, 2010
    risk 0.00cvss epss 0.02

    Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this…

  • CVE-2008-3866Jan 21, 2009
    risk 0.00cvss epss 0.00

    The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the…

  • CVE-2008-3864Jan 21, 2009
    risk 0.00cvss epss 0.02

    The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service…

  • CVE-2008-4403Oct 3, 2008
    risk 0.00cvss epss 0.03

    The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling…

  • CVE-2008-4402Oct 3, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.

Page 4 of 5