
CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. • https://success.trendmicro.com/jp/solution/000244253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2019-19694
https://notcve.org/view.php?id=CVE-2019-19694
20 Feb 2020 — The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx

CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
20 Feb 2020 — Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, which must be present when the installer is run. • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element

CVE-2019-19691
https://notcve.org/view.php?id=CVE-2019-19691
20 Dec 2019 — A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. • https://success.trendmicro.com/solution/000159568

CVE-2019-18187 – Trend Micro OfficeScan Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2019-18187
28 Oct 2019 — Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. • https://success.trendmicro.com/solution/000151730 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-18189
https://notcve.org/view.php?id=CVE-2019-18189
28 Oct 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. • https://success.trendmicro.com/solution/000151732 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-9492
https://notcve.org/view.php?id=CVE-2019-9492
26 Jul 2019 — A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. • https://success.trendmicro.com/solution/1123045 • CWE-426: Untrusted Search Path

CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-18331
https://notcve.org/view.php?id=CVE-2018-18331
21 Dec 2018 — A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. • https://success.trendmicro.com/solution/1121674 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2018-18332
https://notcve.org/view.php?id=CVE-2018-18332
21 Dec 2018 — A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. • https://success.trendmicro.com/solution/1121674 • CWE-732: Incorrect Permission Assignment for Critical Resource