Skip to main content

Deep Security

5 CVEs product

Monthly

CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-8607 MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit Apex One Deep Security +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2019-15627 HIGH POC This Week

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Microsoft Information Disclosure Deep Security
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2019-15626 HIGH PATCH This Week

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Deep Security
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-6218 HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security Endpoint Sensor Officescan +2
NVD
CVSS 3.1
7.0
EPSS
1.6%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit +11
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Microsoft Information Disclosure +1
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Deep Security
NVD
EPSS 2% CVSS 7.0
HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy