CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2021-25236 – Trend Micro OfficeScan Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25236
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. Una vulnerabilidad de divulgación de información de falsificación de petición del lado del servidor (SSRF) en Trend Micro OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado localizar agentes en línea mediante un barrido específico This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-120 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2021-25241 – Trend Micro Apex One Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25241
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. Una vulnerabilidad de divulgación de información de tipo server-side request forgery (SSRF) en Trend Micro Apex One y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado localizar agentes en línea mediante un barrido This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-114 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25247
https://notcve.org/view.php?id=CVE-2021-25247
A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. Una vulnerabilidad de secuestro de DLL de Trend Micro HouseCall for Home Networks versiones 5.3.1063 y anteriores, podría permitir a un atacante utilizar una DLL maliciosa para escalar privilegios y llevar a cabo una ejecución de código arbitraria. Un atacante ya debe tener privilegios de usuario en la máquina para explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10180 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25226 – Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25226
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante local diseñar archivos específicos que pueden causar una denegación de servicio en el producto afectado. El fallo específico se presenta dentro de un componente de motor de escaneo. • https://success.trendmicro.com/solution/000284207 https://www.zerodayinitiative.com/advisories/ZDI-21-087 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25225 – Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-25225
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de agotamiento de la memoria en Trend Micro ServerProtect para Linux versión 3.0, podría permitir a un atacante local diseñar archivos específicos que pueden causar una denegación de servicio en el producto afectado. El fallo específico se presenta dentro de un componente de escaneo programado. • https://success.trendmicro.com/solution/000284207 https://www.zerodayinitiative.com/advisories/ZDI-21-086 • CWE-400: Uncontrolled Resource Consumption •