CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24564 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24564
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1219 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25773 – Trend Micro OfficeScan ServerMigrationTool DAT File Parsing Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25773
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. Una vulnerabilidad en el componente ServerMigrationTool de Trend Micro Apex One, podría permitir a un atacante ejecutar código arbitrario en los productos afectados. Es requerida una interacción del usuario para explotar esta vulnerabilidad, ya que el objetivo debe importar un archivo de configuración dañado This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro OfficeScan ServerMigrationTool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DAT files. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1224 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25771 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25771
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1223 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-25772 – Trend Micro Apex One scanServer64 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25772
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One, puede permitir a un atacante local divulgar información confidencial a una cuenta poco privilegiada en instalaciones vulnerables del producto. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado sobre el objetivo a fin de explotar estas vulnerabilidades. • https://success.trendmicro.com/solution/000271974 https://www.zerodayinitiative.com/advisories/ZDI-20-1222 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-24558 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24558
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad en una dll de Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 y Worry-Free Business Security Services dll, puede permitir a un atacante manipularla para causar una lectura fuera de límites que bloquee varios procesos en el producto. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within OfcPIPC_64x.dll. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1095 • CWE-125: Out-of-bounds Read •