CVSS: 4.9EPSS: 0%CPEs: 30EXPL: 0CVE-2019-9488
https://notcve.org/view.php?id=CVE-2019-9488
Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM). Trend Micro Deep Security Manager (versiones 10.x, 11.x) y Vulnerability Protection (versión 2.0) son vulnerables a un ataque de tipo XML External Entity. Sin embargo, para que el ataque sea posible, el atacante debe tener acceso root/admin a un host protegido que esté autorizado para comunicarse con el Deep Security Manager (DSM). • https://success.trendmicro.com/solution/1122900 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-14686
https://notcve.org/view.php?id=CVE-2019-14686
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges. Existe una vulnerabilidad de secuestro de DLL en el componente Folder Shield de la familia de productos de consumo de Trend Micro Security 2019 (v15) y la herramienta independiente Trend Micro Ransom Buster (1.0) en la que, si se explota, permitiría a un atacante cargar una DLL maliciosa, lo que llevaría a Privilegios elevados. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14685
https://notcve.org/view.php?id=CVE-2019-14685
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. Existe una vulnerabilidad de escalada de privilegios locales en Trend Micro Security 2019 (v15.0) en la que, si se explota, permitiría a un atacante manipular una característica específica del producto para cargar un servicio malicioso. • http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html http://seclists.org/fulldisclosure/2019/Aug/26 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del producto afectado. • https://success.trendmicro.com/jp/solution/1122253 https://success.trendmicro.com/solution/1122250 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9490
https://notcve.org/view.php?id=CVE-2019-9490
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance version 6.5 SP2 could allow an non-authorized user to disclose administrative credentials. An attacker must be an authenticated user in order to exploit the vulnerability. Una vulnerabilidad en Trend Micro InterScan Web Security Virtual Appliance, en su versión 6.5 SP2, podría permitir a un usuario no autorizado divulgar credenciales administrativas. Un atacante debe ser un usuario autenticado para explotar esta vulnerabilidad. • http://www.securityfocus.com/bid/107848 https://success.trendmicro.com/solution/1122326 •