
CVE-2021-25243 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25243
29 Jan 2021 — An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. This vulnerability allows remote attackers to di... • https://success.trendmicro.com/solution/000284202 •

CVE-2021-25244 – Trend Micro Worry-Free Business Security Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25244
29 Jan 2021 — An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Worry-Free Business ... • https://success.trendmicro.com/solution/000284206 •

CVE-2021-25245 – Trend Micro Worry-Free Business Security Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25245
29 Jan 2021 — An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Worry-Free Business Security. Authentication... • https://success.trendmicro.com/solution/000284206 •

CVE-2021-25246 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25246
29 Jan 2021 — An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could then be used to make valid configuration queries. • https://success.trendmicro.com/solution/000284202 •

CVE-2021-25248 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25248
29 Jan 2021 — An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/solution/000284202 • CWE-125: Out-of-bounds Read •

CVE-2021-25249 – Trend Micro Apex One TmCCSF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25249
29 Jan 2021 — An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/solution/000284202 • CWE-787: Out-of-bounds Write •

CVE-2020-27010
https://notcve.org/view.php?id=CVE-2020-27010
17 Dec 2020 — A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. • https://success.trendmicro.com/solution/000283077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-8461 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8461
17 Dec 2020 — A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. Trend Mic... • https://packetstorm.news/files/id/160602 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2020-8462 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8462
17 Dec 2020 — A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 SP2 EN Patch 4 Build 1919 suffers from bypass, command... • https://packetstorm.news/files/id/160602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-8463 – Trend Micro IWSVA CSRF / XSS / Bypass / SSRF / Code Execution
https://notcve.org/view.php?id=CVE-2020-8463
17 Dec 2020 — A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versions below 6.5 ... • https://packetstorm.news/files/id/160602 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •