Officescan

officescan

Vendor: Trendmicro • 71 CVEs

CVEs (71)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25233 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific...Show more An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.Show less
CVE-2021-25232 1Trendmicro 2Apex One Officescan Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
CVE-2021-25231 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific...Show more An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.Show less
CVE-2021-25230 1Trendmicro 2Apex One Officescan Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
CVE-2021-25229 1Trendmicro 2Apex One Officescan Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
CVE-2021-25228 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Feb 4, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix his...Show more An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.Show less
CVE-2020-28583 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch infor...Show more An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.Show less
CVE-2020-28582 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28577 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28576 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28573 1Trendmicro 2Apex One Officescan Nov 21, 2024 Dec 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by th...Show more An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.Show less
CVE-2020-24562 1Trendmicro 1Officescan Nov 21, 2024 Sep 29, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code executi...Show more A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.Show less
CVE-2020-24559 1Trendmicro 4Apex One OfficescanWorry Free Business Security+1 more Nov 21, 2024 Sep 1, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-...Show more A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2020-8607 1Trendmicro 12Antivirus Toolkit Apex OneDeep Security+9 more Nov 21, 2024 Aug 5, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse...Show more An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.Show less
CVE-2020-8599 1Trendmicro 2Apex One Officescan Oct 31, 2025 Mar 18, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authenti...Show more Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.Show less
CVE-2020-8598 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Mar 18, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installa...Show more Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.Show less
CVE-2020-8470 1Trendmicro 3Apex One OfficescanWorry Free Business Security Nov 21, 2024 Mar 18, 2020 N/A· v4 7.5 HIGH· v3 9.4 HIGH· v2 Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level p...Show more Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.Show less
CVE-2020-8468 1Trendmicro 3Apex One OfficescanWorry Free Business Security Oct 31, 2025 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent clie...Show more Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.Show less
CVE-2020-8467 1Trendmicro 2Apex One Officescan Oct 31, 2025 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requi...Show more A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.Show less
CVE-2019-14688 1Trendmicro 8Control Manager Endpoint SensorIm Security+5 more Nov 21, 2024 Feb 20, 2020 N/A· v4 7.0 HIGH· v3 5.1 MEDIUM· v2 Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installat...Show more Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.Show less

Previous 123 4 Next