CVSS: 8.1EPSS: 3%CPEs: 5EXPL: 0CVE-2020-15605 – Trend Micro Vulnerability Protection Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-15605
27 Aug 2020 — If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. Si la autenticación LDAP está habilitada, una vulnerabilidad de omisión de autenticación ... • https://success.trendmicro.com/solution/000252039 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 3%CPEs: 5EXPL: 0CVE-2020-15601 – Trend Micro Deep Security Manager Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-15601
21 Aug 2020 — If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability. Si la autenticación LDAP está habilitada, una vulnerabilidad de omisión de autenticación LDAP en T... • https://success.trendmicro.com/solution/000252039 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2020-8607
https://notcve.org/view.php?id=CVE-2020-8607
05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-18191
https://notcve.org/view.php?id=CVE-2019-18191
16 Dec 2019 — A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. Una vulnerabilidad de escalada de privilegios en la plantilla de formación en la nube de Trend Micro Deep Security as a Service Quick Setup, podría permitir que una entidad autenticada con ciertos privilegios de ejecución AWS sin restricciones... • https://success.trendmicro.com/solution/000157758 • CWE-459: Incomplete Cleanup •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 2CVE-2019-15627 – Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2019-15627
17 Oct 2019 — Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. Las versiones 10.0, 11.0 y 12.0 del Trend Micro Deep Security Agent son vulnerables a un ataque de eliminación de archivos arbitrarios, lo que puede tener un impacto en la disponibilidad. Es requerido un acceso local al sistema operativo. • https://packetstorm.news/files/id/155579 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-15626
https://notcve.org/view.php?id=CVE-2019-15626
17 Oct 2019 — The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. La aplicación Deep Security Manager (versiones 10.0, 11.0 y 12.0), cuando está configurada de cierta manera, puede transmitir la comunicación LDAP inicial en texto sin cifrar. Esto puede tener un impacto en la confidencialidad, pero no afecta la integridad o la di... • https://success.trendmicro.com/solution/000149495 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2019-9488
https://notcve.org/view.php?id=CVE-2019-9488
11 Sep 2019 — Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). Trend Micro Deep Security Manager (versiones 10.x, 11.x) y Vulnerability Protection (versión 2.0) son vulnerables a un ataque de tipo XML External Entity. Sin embargo, para que el ataque sea posible, el ataca... • https://success.trendmicro.com/solution/1122900 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
16 Feb 2018 — A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Una vulnerabilidad de secuestro de DLL en Trend Micro's User-Mode Hooking Module (UMH) podría permitir que un atacante ejecute código arbitrario en un sistema vulnerable. • http://www.securityfocus.com/bid/103096 • CWE-426: Untrusted Search Path •