Filtered by vendor Trendmicro Subscriptions
Filtered by product Apex One Subscriptions
Total 145 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8467 1 Trendmicro 2 Apex One, Officescan 2024-11-21 8.8 High
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
CVE-2020-28583 1 Trendmicro 2 Apex One, Officescan 2024-11-21 5.3 Medium
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
CVE-2020-28582 1 Trendmicro 2 Apex One, Officescan 2024-11-21 5.3 Medium
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28577 1 Trendmicro 2 Apex One, Officescan 2024-11-21 5.3 Medium
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28576 1 Trendmicro 2 Apex One, Officescan 2024-11-21 5.3 Medium
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28573 1 Trendmicro 2 Apex One, Officescan 2024-11-21 5.3 Medium
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
CVE-2020-28572 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
CVE-2020-25774 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 4.3 Medium
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-25773 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
CVE-2020-25772 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 5.5 Medium
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
CVE-2020-25771 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 5.5 Medium
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
CVE-2020-25770 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 5.5 Medium
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.
CVE-2020-24565 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 5.5 Medium
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.
CVE-2020-24564 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 5.5 Medium
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24565 and CVE-2020-25770.
CVE-2020-24563 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.
CVE-2020-24559 3 Apple, Microsoft, Trendmicro 6 Macos, Windows, Apex One and 3 more 2024-11-21 7.8 High
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-24558 3 Apple, Microsoft, Trendmicro 5 Macos, Windows, Apex One and 2 more 2024-11-21 7.1 High
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2020-24557 2 Microsoft, Trendmicro 3 Windows, Apex One, Worry-free Business Security 2024-11-21 7.8 High
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
CVE-2020-24556 3 Apple, Microsoft, Trendmicro 5 Macos, Windows, Apex One and 2 more 2024-11-21 7.8 High
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
CVE-2019-9489 2 Microsoft, Trendmicro 6 Windows, Apex One, Apex One As A Service and 3 more 2024-11-21 N/A
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.