CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2020-8607
https://notcve.org/view.php?id=CVE-2020-8607
05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-8470
https://notcve.org/view.php?id=CVE-2020-8470
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atacante eliminar cualquier a... • https://success.trendmicro.com/jp/solution/000244253 •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2020-8598
https://notcve.org/view.php?id=CVE-2020-8598
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atac... • https://success.trendmicro.com/jp/solution/000244253 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Los agentes de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), están afectados por una vulnerabilidad de escape de comprobación de contenido que podría permitir a un atacant... • https://success.trendmicro.com/jp/solution/000244253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2019-18189
https://notcve.org/view.php?id=CVE-2019-18189
28 Oct 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones 11.0, XG) y Worry-Free Business Security (en versiones 9.5, 10.0) puede permitir a un atacante omitir una autenticación e i... • https://success.trendmicro.com/solution/000151732 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
16 Feb 2018 — A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Una vulnerabilidad de secuestro de DLL en Trend Micro's User-Mode Hooking Module (UMH) podría permitir que un atacante ejecute código arbitrario en un sistema vulnerable. • http://www.securityfocus.com/bid/103096 • CWE-426: Untrusted Search Path •