Skip to main content

Trend Micro

478 CVEs product

Monthly

CVE-2018-6232 HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow Antivirus Internet Security +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-10350 HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE PHP Smart Protection Server
NVD
CVSS 3.0
8.8
EPSS
15.2%
CVE-2018-10357 HIGH This Week

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Path Traversal Endpoint Application Control
NVD
CVSS 3.0
8.8
EPSS
73.9%
CVE-2018-10356 HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-10355 HIGH This Week

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. Rated high severity (CVSS 7.0). No vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD
CVSS 3.0
7.0
EPSS
0.6%
CVE-2018-10354 HIGH This Week

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Command Injection Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
13.6%
CVE-2018-10353 MEDIUM This Month

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Information Disclosure Email Encryption Gateway
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-10352 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-10351 HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-6231 CRITICAL Act Now

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Command Injection Smart Protection Server
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-6230 MEDIUM POC PATCH This Month

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
3.5%
CVE-2018-6229 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-6228 CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-6227 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-6226 MEDIUM POC PATCH This Month

Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-6225 MEDIUM POC PATCH This Month

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XXE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
4.1%
CVE-2018-6224 HIGH POC PATCH This Week

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-6223 CRITICAL POC PATCH THREAT Act Now

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.6%
CVE-2018-6222 HIGH POC PATCH This Week

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Command Injection Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-6221 HIGH POC PATCH This Week

An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Trend Micro Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.4%
CVE-2018-6220 CRITICAL POC PATCH THREAT Act Now

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.4%
CVE-2018-6219 MEDIUM POC This Month

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.1%
CVE-2018-6218 HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security Endpoint Sensor Officescan +2
NVD
CVSS 3.1
7.0
EPSS
1.6%
CVE-2018-3609 HIGH POC THREAT This Week

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.1
EPSS
21.8%
CVE-2018-3607 HIGH PATCH This Week

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
14.7%
CVE-2018-3606 HIGH PATCH This Week

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
49.4%
CVE-2018-3605 HIGH PATCH This Week

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
20.2%
CVE-2018-3604 HIGH PATCH This Week

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
68.6%
CVE-2018-3603 HIGH PATCH This Week

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-3602 HIGH PATCH This Week

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-3601 CRITICAL PATCH Act Now

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Control Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-3600 MEDIUM PATCH This Month

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Trend Micro XXE Information Disclosure Control Manager
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2017-14093 MEDIUM POC PATCH This Month

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Trend Micro Scanmail
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14092 HIGH POC PATCH This Week

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Microsoft CSRF Scanmail
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-14091 HIGH POC PATCH This Week

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14090 CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure Scanmail
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2017-11397 HIGH PATCH This Week

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Trend Micro Encryption For Email
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-14089 CRITICAL POC PATCH THREAT Act Now

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.5%.

Buffer Overflow Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
31.5%
Threat
4.4
CVE-2017-14088 HIGH PATCH This Week

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Trend Micro Privilege Escalation Officescan +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-14087 HIGH POC THREAT Act Now

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.5%.

Code Injection Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
22.5%
CVE-2017-14086 HIGH POC PATCH THREAT Act Now

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.2%.

Denial Of Service Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.2%
CVE-2017-14085 MEDIUM POC PATCH THREAT This Month

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Trend Micro PHP Information Disclosure Officescan
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
12.4%
CVE-2017-14084 HIGH POC PATCH This Week

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
7.9%
CVE-2017-14083 HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Trend Micro Information Disclosure Officescan
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
12.9%
CVE-2017-14081 HIGH PATCH Act Now

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

RCE Trend Micro Command Injection Mobile Security
NVD
CVSS 3.0
8.8
EPSS
13.3%
CVE-2017-14080 CRITICAL PATCH Act Now

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-14079 HIGH PATCH Act Now

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.2%.

RCE Trend Micro File Upload Mobile Security
NVD
CVSS 3.0
8.8
EPSS
13.2%
CVE-2017-14078 CRITICAL PATCH Act Now

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 66.3%.

Trend Micro RCE SQLi Mobile Security
NVD
CVSS 3.0
9.8
EPSS
66.3%
Threat
4.0
CVE-2017-11396 HIGH PATCH This Week

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Trend Micro Interscan Web Security Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2017-11395 HIGH POC PATCH This Week

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection Smart Protection Server
NVD
CVSS 3.0
8.8
EPSS
8.5%
CVE-2016-6220 HIGH PATCH This Week

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-11394 CRITICAL POC PATCH THREAT Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.7%.

RCE Trend Micro Command Injection PHP Officescan
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.7%
Threat
5.9
CVE-2017-11393 CRITICAL PATCH Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Trend Micro Command Injection PHP Officescan
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2017-11392 HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.9%.

RCE Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
73.9%
Threat
5.5
CVE-2017-11391 HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.4%.

RCE Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
81.4%
Threat
5.7
CVE-2017-11382 HIGH PATCH This Week

Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Trend Micro Information Disclosure Deep Discovery Email Inspector
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-11390 HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-11389 CRITICAL PATCH Act Now

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Trend Micro RCE Control Manager
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-11388 HIGH PATCH This Week

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2017-11387 HIGH PATCH This Week

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Authentication Bypass Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-11386 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11385 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11384 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11383 CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi Control Manager
NVD
CVSS 3.0
9.8
EPSS
6.8%
CVE-2017-11381 CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
18.5%
CVE-2017-11380 CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-11379 HIGH PATCH This Week

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Director
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-9037 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2017-9036 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Serverprotect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-9035 HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Trend Micro Information Disclosure Serverprotect
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2017-9034 CRITICAL POC PATCH Act Now

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Trend Micro Serverprotect
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2017-9033 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro CSRF Serverprotect
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-9032 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2017-8801 MEDIUM This Month

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Officescan
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5481 HIGH PATCH This Week

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-8593 HIGH POC This Week

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trend Micro RCE Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2016-8592 HIGH POC This Week

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8591 HIGH POC This Week

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8590 HIGH POC This Week

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8589 HIGH POC This Week

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8588 HIGH POC This Week

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-8587 HIGH POC This Week

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2016-8586 HIGH POC This Week

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2016-8585 HIGH POC This Week

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation Threat Discovery Appliance
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2016-8584 CRITICAL POC Act Now

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2017-7896 MEDIUM POC PATCH THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
53.3%
Threat
4.3
CVE-2016-7552 CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
93.0%
Threat
6.2
CVE-2016-7547 CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
CVE-2017-6340 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-6339 MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
2.7%
EPSS 1% CVSS 7.8
HIGH This Week

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Buffer Overflow +4
NVD
EPSS 15% CVSS 8.8
HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Smart Protection Server (Standalone) 3.x could allow a remote attacker to execute arbitrary code on vulnerable installations due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE +2
NVD
EPSS 74% CVSS 8.8
HIGH This Week

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Path Traversal +1
NVD
EPSS 11% CVSS 8.8
HIGH This Week

A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro RCE +1
NVD
EPSS 1% CVSS 7.0
HIGH This Week

An authentication weakness vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to recover user passwords on vulnerable installations due to a flaw in the DBCrypto class. Rated high severity (CVSS 7.0). No vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD
EPSS 14% CVSS 8.8
HIGH This Week

A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro RCE Command Injection +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A SQL injection information disclosure vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to disclose sensitive information on vulnerable installations due to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Email Encryption Gateway
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Command Injection +1
NVD
EPSS 3% CVSS 6.8
MEDIUM POC PATCH This Month

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.

SQLi Trend Micro RCE +1
NVD Exploit-DB
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE +1
NVD Exploit-DB
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Trend Micro RCE +1
NVD Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XSS Email Encryption Gateway
NVD Exploit-DB
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro XXE Email Encryption Gateway
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Trend Micro Email Encryption Gateway
NVD Exploit-DB
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Email Encryption Gateway
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Command Injection Email Encryption Gateway
NVD Exploit-DB
EPSS 6% CVSS 8.1
HIGH POC PATCH This Week

An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Trend Micro Email Encryption Gateway
NVD Exploit-DB
EPSS 10% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro RCE Email Encryption Gateway
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Email Encryption Gateway
NVD Exploit-DB
EPSS 2% CVSS 7.0
HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security +4
NVD
EPSS 22% CVSS 8.1
HIGH POC THREAT This Week

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Trend Micro Information Disclosure Interscan Messaging Security Virtual Appliance
NVD
EPSS 15% CVSS 8.8
HIGH PATCH This Week

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 49% CVSS 8.8
HIGH PATCH This Week

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 20% CVSS 8.8
HIGH PATCH This Week

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 69% CVSS 8.8
HIGH PATCH This Week

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 8% CVSS 8.8
HIGH PATCH This Week

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Trend Micro Control Manager
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Trend Micro XXE Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microsoft Trend Micro +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro Microsoft CSRF +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Trend Micro Encryption For Email
NVD
EPSS 32% 4.4 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.5%.

Buffer Overflow Trend Micro Officescan
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Trend Micro +3
NVD
EPSS 22% CVSS 7.5
HIGH POC THREAT Act Now

A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.5%.

Code Injection Trend Micro Officescan
NVD Exploit-DB
EPSS 14% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.2%.

Denial Of Service Trend Micro Officescan
NVD Exploit-DB
EPSS 12% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Trend Micro PHP Information Disclosure +1
NVD Exploit-DB
EPSS 8% CVSS 8.1
HIGH POC PATCH This Week

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Trend Micro Officescan
NVD Exploit-DB
EPSS 13% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Trend Micro Information Disclosure Officescan
NVD Exploit-DB
EPSS 13% CVSS 8.8
HIGH PATCH Act Now

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.3%.

RCE Trend Micro Command Injection +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Trend Micro Authentication Bypass Mobile Security
NVD
EPSS 13% CVSS 8.8
HIGH PATCH Act Now

Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.2%.

RCE Trend Micro File Upload +1
NVD
EPSS 66% 4.0 CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 66.3%.

Trend Micro RCE SQLi +1
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Trend Micro Interscan Web Security Virtual Appliance
NVD
EPSS 8% CVSS 8.8
HIGH POC PATCH This Week

Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Trend Micro Command Injection +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Control Manager
NVD
EPSS 81% 5.9 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.7%.

RCE Trend Micro Command Injection +2
NVD Exploit-DB
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Trend Micro Command Injection +2
NVD
EPSS 74% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.9%.

RCE Trend Micro Command Injection +1
NVD
EPSS 81% 5.7 CVSS 8.8
HIGH POC THREAT Act Now

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.4%.

RCE Trend Micro Command Injection +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Trend Micro Information Disclosure +1
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Trend Micro RCE +1
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro RCE SQLi +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Authentication Bypass Information Disclosure +1
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi +1
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi +1
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi +1
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro RCE SQLi +1
NVD
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5%.

Trend Micro Command Injection Deep Discovery Director
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Trend Micro Authentication Bypass Deep Discovery Director
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Director
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Authentication Bypass Serverprotect
NVD
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Trend Micro Information Disclosure Serverprotect
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Trend Micro Serverprotect
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Trend Micro CSRF Serverprotect
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Trend Micro Serverprotect
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Officescan
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Officescan
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Trend Micro RCE +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass +1
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Authentication Bypass +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Authentication Bypass Threat Discovery Appliance
NVD
EPSS 53% 4.3 CVSS 6.1
MEDIUM POC PATCH THREAT This Month

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
EPSS 93% 6.2 CVSS 9.8
CRITICAL POC THREAT Emergency

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.0%.

Path Traversal Trend Micro Threat Discovery Appliance
NVD GitHub
EPSS 89% 6.1 CVSS 9.8
CRITICAL POC THREAT Emergency

A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Trend Micro Information Disclosure Threat Discovery Appliance
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy