Skip to main content

Trend Micro

478 CVEs product

Monthly

CVE-2017-6338 MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-9319 MEDIUM PATCH This Month

There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Trend Micro Information Disclosure Mobile Security
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-5565 MEDIUM This Month

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus Internet Security Maximum Security +1
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2017-6398 HIGH POC THREAT Act Now

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
64.6%
Threat
5.2
CVE-2017-6798 HIGH PATCH This Week

Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Trend Micro Endpoint Sensor
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2016-9316 MEDIUM POC PATCH This Month

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2016-9315 HIGH POC This Week

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.9%
CVE-2016-9314 HIGH POC PATCH This Week

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2016-9269 CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
CVSS 3.0
9.9
EPSS
6.8%
CVE-2016-6270 HIGH POC This Week

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Virtual Mobile Infrastructure
NVD
CVSS 3.1
8.8
EPSS
8.4%
CVE-2016-6269 CRITICAL POC PATCH Act Now

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Trend Micro PHP Smart Protection Server
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2016-6268 HIGH POC PATCH This Week

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Trend Micro Privilege Escalation Smart Protection Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-6267 HIGH POC PATCH THREAT Act Now

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
72.5%
Threat
5.4
CVE-2016-6266 HIGH POC PATCH This Week

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2016-5840 HIGH POC This Week

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Deep Discovery Inspector
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
7.1%
CVE-2016-1226 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Internet Security
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1225 MEDIUM This Month

Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Internet Security
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-1224 MEDIUM This Month

CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2016-1223 MEDIUM This Month

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Microsoft Officescan Worry Free Business Security +1
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2016-3664 HIGH This Week

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Trend Micro Information Disclosure Mobile Security
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-4351 CRITICAL Act Now

SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro SQLi Email Encryption Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2016-3987 CRITICAL POC THREAT Emergency

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.1%.

Trend Micro Authentication Bypass Password Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
43.1%
Threat
4.8
CVE-2015-2873 MEDIUM PATCH This Month

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Inspector
NVD
CVSS 2.0
5.5
EPSS
2.5%
CVE-2015-2872 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Trend Micro Deep Discovery Inspector
NVD
CVSS 2.0
4.3
EPSS
2.6%
CVE-2015-3326 MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft Scanmail
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-9641 HIGH POC This Week

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Tmeext Sys
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.5%
CVE-2014-8510 MEDIUM This Month

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3922 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
CVSS 2.0
4.3
EPSS
1.1%
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Antivirus +3
NVD
EPSS 65% 5.2 CVSS 8.8
HIGH POC THREAT Act Now

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Trend Micro Command Injection Interscan Messaging Security Virtual Appliance
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Trend Micro Endpoint Sensor
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trend Micro Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 6% CVSS 8.8
HIGH POC This Week

Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 7% CVSS 9.9
CRITICAL POC PATCH Act Now

Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro Privilege Escalation Interscan Web Security Virtual Appliance
NVD Exploit-DB
EPSS 8% CVSS 8.8
HIGH POC This Week

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Virtual Mobile Infrastructure
NVD
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Trend Micro PHP +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Trend Micro Privilege Escalation +1
NVD
EPSS 73% 5.4 CVSS 8.8
HIGH POC PATCH THREAT Act Now

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Trend Micro PHP Information Disclosure +1
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro PHP Information Disclosure +1
NVD
EPSS 7% CVSS 7.2
HIGH POC This Week

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Deep Discovery Inspector
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Internet Security
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Internet Security
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Worry Free Business Security +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Microsoft +3
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro SQLi Email Encryption Gateway
NVD
EPSS 43% 4.8 CVSS 9.8
CRITICAL POC THREAT Emergency

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.1%.

Trend Micro Authentication Bypass Password Manager
NVD Exploit-DB
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Deep Discovery Inspector
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Trend Micro +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Microsoft +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Privilege Escalation Tmeext Sys
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM This Month

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Interscan Web Security Virtual Appliance
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Trend Micro Interscan Messaging Security Virtual Appliance
NVD
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy