CVE-2017-5481

Published: May 3, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.

Affected (2)

Products: Trendmicro: Officescan

Trendmicro

1 product

Officescan

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Officescan	Version 11.0
Trendmicro Officescan	Version 12.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/98007

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1117204

Source: cve@mitre.org

MitigationPatchVendor Advisory

http://www.securityfocus.com/bid/98007

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/1117204

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationPatchVendor Advisory

Timeline

No history available yet.