A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Max CVSS
9.8
EPSS Score
0.22%
Published
2023-06-26
Updated
2023-06-30
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
8.1
EPSS Score
0.08%
Published
2023-06-26
Updated
2023-06-30
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
Max CVSS
9.1
EPSS Score
0.20%
Published
2023-06-26
Updated
2023-06-30
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-12-12
Updated
2022-12-14
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
Max CVSS
7.5
EPSS Score
0.19%
Published
2022-01-20
Updated
2022-01-27
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
Max CVSS
7.5
EPSS Score
0.34%
Published
2020-11-18
Updated
2020-12-02

CVE-2020-8604

Public exploit
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
Max CVSS
7.5
EPSS Score
97.28%
Published
2020-05-27
Updated
2022-04-27
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
Max CVSS
9.8
EPSS Score
1.22%
Published
2020-03-18
Updated
2020-03-20
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.
Max CVSS
7.5
EPSS Score
0.42%
Published
2020-12-17
Updated
2021-07-21
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Max CVSS
10.0
EPSS Score
0.27%
Published
2019-10-28
Updated
2019-11-05

CVE-2019-18187

Known exploited
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
Max CVSS
7.5
EPSS Score
11.31%
Published
2019-10-28
Updated
2019-10-31
CISA KEV Added
2021-11-03
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-04-05
Updated
2021-09-24
A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations.
Max CVSS
9.8
EPSS Score
0.43%
Published
2018-08-15
Updated
2018-10-12
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability.
Max CVSS
9.0
EPSS Score
2.39%
Published
2018-05-23
Updated
2018-06-26
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
Max CVSS
9.8
EPSS Score
8.06%
Published
2017-08-02
Updated
2017-08-06
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
Max CVSS
8.8
EPSS Score
0.23%
Published
2017-04-28
Updated
2017-05-10

CVE-2016-7552

Public exploit
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
Max CVSS
10.0
EPSS Score
96.71%
Published
2017-04-12
Updated
2017-04-17
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
Max CVSS
9.1
EPSS Score
0.47%
Published
2017-01-30
Updated
2021-09-09
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
5.3
EPSS Score
0.22%
Published
2016-06-19
Updated
2021-08-12
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!