Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trendmicro | First view | 2010-02-09 |
| Product | Officescan | Last view | 2021-08-04 |
| Version | xg | Type | Application |
| Update | sp1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:trendmicro:officescan | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2021-08-04 | CVE-2021-32465 | An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-08-04 | CVE-2021-32464 | An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-07-29 | CVE-2021-36742 | A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 8.8 | 2021-07-29 | CVE-2021-36741 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability. |
| 5.5 | 2021-04-13 | CVE-2021-28646 | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. |
| 7.8 | 2021-04-13 | CVE-2021-28645 | An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-04-13 | CVE-2021-25253 | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-04-13 | CVE-2021-25250 | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-02-04 | CVE-2021-25249 | An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 5.5 | 2021-02-04 | CVE-2021-25248 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 6.5 | 2021-02-04 | CVE-2021-25246 | An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries. |
| 5.3 | 2021-02-04 | CVE-2021-25243 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. |
| 5.3 | 2021-02-04 | CVE-2021-25242 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. |
| 5.3 | 2021-02-04 | CVE-2021-25240 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. |
| 5.3 | 2021-02-04 | CVE-2021-25239 | An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. |
| 5.3 | 2021-02-04 | CVE-2021-25238 | An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. |
| 5.3 | 2021-02-04 | CVE-2021-25236 | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. |
| 5.3 | 2021-02-04 | CVE-2021-25235 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file. |
| 5.3 | 2021-02-04 | CVE-2021-25234 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file. |
| 5.3 | 2021-02-04 | CVE-2021-25233 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. |
| 5.3 | 2021-02-04 | CVE-2021-25232 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. |
| 5.3 | 2021-02-04 | CVE-2021-25231 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. |
| 5.3 | 2021-02-04 | CVE-2021-25230 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file. |
| 5.3 | 2021-02-04 | CVE-2021-25229 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. |
| 5.3 | 2021-02-04 | CVE-2021-25228 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (11) | CWE-200 | Information Exposure |
| 11% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 8% (3) | CWE-20 | Improper Input Validation |
| 5% (2) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 5% (2) | CWE-269 | Improper Privilege Management |
| 5% (2) | CWE-125 | Out-of-bounds Read |
| 5% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 2% (1) | CWE-787 | Out-of-bounds Write |
| 2% (1) | CWE-494 | Download of Code Without Integrity Check |
| 2% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 2% (1) | CWE-306 | Missing Authentication for Critical Function |
| 2% (1) | CWE-281 | Improper Preservation of Permissions |
| 2% (1) | CWE-276 | Incorrect Default Permissions |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62110 | Trend Micro OfficeScan URL Filtering Engine Unspecified Overflow DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-02-19 | Name : Trend Micro OfficeScan URL Filtering Engine Buffer Overflow Vulnerability File : nvt/secpod_trendmicro_officescan_url_filt_bof_vuln.nasl |
