CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0CVE-2020-8607
https://notcve.org/view.php?id=CVE-2020-8607
05 Aug 2020 — An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.... • https://jvn.jp/en/vu/JVNVU99160193/index.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •