CVSS: 9.4EPSS: 1%CPEs: 7EXPL: 0CVE-2020-8470
https://notcve.org/view.php?id=CVE-2020-8470
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atacante eliminar cualquier a... • https://success.trendmicro.com/jp/solution/000244253 •
CVSS: 10.0EPSS: 12%CPEs: 7EXPL: 0CVE-2020-8598
https://notcve.org/view.php?id=CVE-2020-8598
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability. El servidor de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), contienen un archivo DLL de servicio vulnerable que podría permitir a un atac... • https://success.trendmicro.com/jp/solution/000244253 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 6%CPEs: 7EXPL: 0CVE-2020-8468 – Trend Micro Multiple Products Content Validation Escape Vulnerability
https://notcve.org/view.php?id=CVE-2020-8468
18 Mar 2020 — Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Los agentes de Trend Micro Apex One (2019), OfficeScan XG y Worry-Free Business Security versiones (9.0, 9.5, 10.0), están afectados por una vulnerabilidad de escape de comprobación de contenido que podría permitir a un atacant... • https://success.trendmicro.com/jp/solution/000244253 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2020-8600 – Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-8600
17 Mar 2020 — Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Trend Micro Worry-Free Business Security versiones (9.0, 9.5, 10.0), está afectado por una vulnerabilidad de salto del directorio que podría permitir a un atacante manipular un archivo de clave para omitir una autenticación. This vulnerability allows remote attackers to bypass authentication on affected installations of T... • https://success.trendmicro.com/jp/solution/000244836 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2019-18189
https://notcve.org/view.php?id=CVE-2019-18189
28 Oct 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones 11.0, XG) y Worry-Free Business Security (en versiones 9.5, 10.0) puede permitir a un atacante omitir una autenticación e i... • https://success.trendmicro.com/solution/000151732 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-9489
https://notcve.org/view.php?id=CVE-2019-9489
05 Apr 2019 — A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Una vulnerabilidad de salto de directorio en Trend Micro Apex One, OfficeScan (en versiones XG y 11.0) y Worry-Free Business Security (en versiones 10.0, 9.5 y 9.0) podría permitir que un atacante modifique archivos arbitrarios en la consola de gestión del p... • https://success.trendmicro.com/jp/solution/1122253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
16 Feb 2018 — A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Una vulnerabilidad de secuestro de DLL en Trend Micro's User-Mode Hooking Module (UMH) podría permitir que un atacante ejecute código arbitrario en un sistema vulnerable. • http://www.securityfocus.com/bid/103096 • CWE-426: Untrusted Search Path •