Page 6 of 75 results (0.012 seconds)

CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. Una vulnerabilidad de divulgación de información de falsificación de petición del lado del servidor (SSRF) en Trend Micro OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado localizar agentes en línea mediante un barrido específico This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-120 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. Una vulnerabilidad de divulgación de información de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podría permitir a un usuario no autenticado conectarse al servidor del producto y revelar información sobre la versión, la compilación y el parche This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000281947 https://success.trendmicro.com/solution/000281949 https://www.zerodayinitiative.com/advisories/ZDI-20-1387 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. Una vulnerabilidad de divulgación de información de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podría permitir a un usuario no autenticado conectarse al servidor del producto y revelar la cantidad de agentes administrados This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000281947 https://success.trendmicro.com/solution/000281949 https://www.zerodayinitiative.com/advisories/ZDI-20-1386 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. Una vulnerabilidad de divulgación de información de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podría permitir a un usuario no autenticado conectarse al servidor del producto y revelar el total de agentes administrados por el servidor This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000281947 https://success.trendmicro.com/solution/000281949 https://www.zerodayinitiative.com/advisories/ZDI-20-1374 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. Una vulnerabilidad de divulgación de información de control de acceso inapropiado en Trend Micro Apex One y OfficeScan XG SP1, podría permitir a un usuario no autenticado conectarse al servidor del producto y revelar información de versión y compilación This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000281947 https://success.trendmicro.com/solution/000281949 https://www.zerodayinitiative.com/advisories/ZDI-20-1375 •