CVSS: 8.8EPSS: 4%CPEs: 7EXPL: 0CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Los agentes de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), están afectados por una vulnerabilidad de escape de comprobación de contenido que podría permitir a un atacant... • https://success.trendmicro.com/jp/solution/000244253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2019-18189
https://notcve.org/view.php?id=CVE-2019-18189
28 Oct 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones 11.0, XG) y Worry-Free Business Security (en versiones 9.5, 10.0) puede permitir a un atacante omitir una autenticación e i... • https://success.trendmicro.com/solution/000151732 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
16 Feb 2018 — A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Una vulnerabilidad de secuestro de DLL en Trend Micro's User-Mode Hooking Module (UMH) podría permitir que un atacante ejecute código arbitrario en un sistema vulnerable. • http://www.securityfocus.com/bid/103096 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1223
https://notcve.org/view.php?id=CVE-2016-1223
19 Jun 2016 — Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x y Worry-Free Business Security 9.0 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://esupport.trendmicro.com/solution/ja-JP/1114102.aspx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 0CVE-2008-2433
https://notcve.org/view.php?id=CVE-2008-2433
27 Aug 2008 — The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." La consola de administración web en Trend Micro OfficeScan 7.0 hasta 8.0, Worry-Free Business Security 5.0,... • http://secunia.com/advisories/31373 • CWE-330: Use of Insufficiently Random Values •