Skip to main content

Scanmail

6 CVEs product

Monthly

CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2017-14093 MEDIUM POC PATCH This Month

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Trend Micro Scanmail
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14092 HIGH POC PATCH This Week

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Microsoft CSRF Scanmail
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14091 HIGH POC PATCH This Week

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14090 CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2015-3326 MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft Scanmail
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Trend Micro +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Microsoft CSRF +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy