Password Manager
Monthly
Open redirection in the Password Manager authentication system enables network-accessible, unauthenticated attackers to manipulate the X-Forwarded-Host HTTP header to redirect authenticated users to attacker-controlled sites immediately following login or interface interaction. The vulnerability is particularly hazardous in the context of a credential store application, where a convincing post-login redirect to a cloned phishing interface could give an attacker full access to a victim's stored password vault. No public exploit code has been identified at time of analysis, and a vendor-released patch is available per the INCIBE advisory.
Open redirection in Password Manager exposes users to phishing attacks by failing to validate the X-Forwarded-Host HTTP header before using it to construct redirect URLs. Unauthenticated remote attackers can craft malicious links that, when clicked by a victim, silently redirect them to an attacker-controlled domain, a particularly dangerous vector given that the target application manages credentials. Reported by INCIBE, a vendor patch is available; no active exploitation (CISA KEV) or public exploit code has been identified at time of analysis.
Host Header Injection in Password Manager (all versions per CPE) enables remote unauthenticated attackers to manipulate the HTTP Host header, causing the application to generate crafted links or responses that reference an attacker-controlled domain. Exploitation requires active user interaction (UI:A per CVSS 4.0 vector), limiting mass exploitation but enabling targeted phishing, password-reset link hijacking, or cache poisoning affecting dependent services. No public exploit code has been identified, and INCIBE has confirmed a vendor patch is available. This vulnerability is part of a broader set of issues disclosed simultaneously in the same INCIBE advisory.
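The three entries above share one root cause: a value supplied by the client (X-Forwarded-Host or Host) is used verbatim to build absolute URLs. The following is an added defender-side illustration, not code from Password Manager or from the INCIBE advisory; the hostnames, the allowlist and the `/vault` default path are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist for this example: the hostnames the deployment actually serves.
ALLOWED_HOSTS = {"vault.example.com", "www.vault.example.com"}
DEFAULT_HOST = "vault.example.com"


def vulnerable_redirect_base(headers):
    """The flawed pattern: trust X-Forwarded-Host (or Host) exactly as received."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}"


def forwarded_hostname(headers):
    """Extract the first-hop hostname from X-Forwarded-Host/Host, lower-cased, port removed."""
    raw = headers.get("X-Forwarded-Host") or headers.get("Host") or ""
    # X-Forwarded-Host may carry a comma-separated proxy chain; only the first hop matters.
    candidate = raw.split(",")[0].strip().lower()
    # urlsplit handles "host:port" and bracketed IPv6 literals for us.
    return urlsplit(f"//{candidate}").hostname or ""


def is_spoofed_host(headers):
    """Detection hook: True when the request carries a host not served by this deployment."""
    return forwarded_hostname(headers) not in ALLOWED_HOSTS


def safe_redirect_base(headers):
    """Hardened form: only an allowlisted hostname is ever used; otherwise fall back."""
    hostname = forwarded_hostname(headers)
    return f"https://{hostname if hostname in ALLOWED_HOSTS else DEFAULT_HOST}"


def safe_post_login_redirect(headers, next_path="/vault"):
    """Build the post-login redirect from an allowlisted host and a same-site path only."""
    parts = urlsplit(next_path)
    # Reject absolute URLs, protocol-relative targets (//host), and backslash tricks
    # (browsers treat "/\host" like "//host"); anything suspicious goes to the default.
    if parts.scheme or parts.netloc or not parts.path.startswith("/") or "\\" in next_path:
        parts = urlsplit("/vault")
    return safe_redirect_base(headers) + urlunsplit(("", "", parts.path, parts.query, ""))
```

The allowlist check is also the cheapest detection signal: log every request for which `is_spoofed_host` is true, since legitimate traffic through a correctly configured proxy should never produce one.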
Trend Micro Password Manager (Consumer) versions 5.8.0.1327 and below contain a privilege escalation vulnerability exploiting symbolic link following and file/folder deletion capabilities. An authenticated local attacker with low privileges can leverage this vulnerability to delete arbitrary files and escalate privileges on the affected system. While no active exploitation in the wild has been publicly confirmed as of this analysis, the local attack vector and the straightforward nature of symbolic link exploitation represent meaningful risk to Password Manager users.
Trend Micro Password Manager (Consumer) versions 5.0.0.1266 and below contain a link-following local privilege escalation vulnerability that could allow a local attacker to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.