Every CVE whose affected-product data names Trendmicro Officescan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (71)
CVE-2018-3608 — CVSS 9.8 (critical): A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow…
CVE-2008-2433 — CVSS 9.8 (critical): The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite…
CVE-2019-18189 — CVSS 9.8 (critical): A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow…
CVE-2017-14089 — CVSS 9.8 (critical): An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access…
CVE-2020-8598 — CVSS 9.8 (critical): Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file…
CVE-2017-11393 — CVSS 9.8 (critical): Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on…
CVE-2017-11394 — CVSS 9.8 (critical): Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on…
CVE-2018-10509 — CVSS 8.8 (high): A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable…
CVE-2017-5481 — CVSS 8.8 (high): Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a…
CVE-2021-32465 — CVSS 8.8 (high): An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a…
CVE-2018-10508 — CVSS 8.8 (high): A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account…
CVE-2017-14084 — CVSS 8.1 (high): A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary…
CVE-2019-9492 — CVSS 7.8 (high): A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and…
CVE-2021-25249 — CVSS 7.8 (high): An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free…
CVE-2021-28645 — CVSS 7.8 (high): An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local…
CVE-2021-25253 — CVSS 7.8 (high): An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource…
CVE-2021-25250 — CVSS 7.8 (high): An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive…
CVE-2021-32464 — CVSS 7.8 (high): An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free…
CVE-2020-24562 — CVSS 7.8 (high): A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the…
CVE-2020-24559 — CVSS 7.8 (high): A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow…
CVE-2017-14083 — CVSS 7.5 (high): A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the…
CVE-2017-14086 — CVSS 7.5 (high): Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access…
CVE-2017-14087 — CVSS 7.5 (high): A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing…
CVE-2018-18331 — CVSS 7.5 (high): A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to…
CVE-2018-18332 — CVSS 7.5 (high): A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key…
CVE-2019-9489 — CVSS 7.5 (high): A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions…
CVE-2020-8470 — CVSS 7.5 (high): Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file…
CVE-2019-14688 — CVSS 7.0 (high): Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had…
CVE-2017-14088 — CVSS 7.0 (high): Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary…
CVE-2018-6218 — CVSS 7.0 (high): A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable…
CVE-2020-8607 — CVSS 6.7 (medium): An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection…
CVE-2021-25246 — CVSS 6.5 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and…
CVE-2018-10358 — CVSS 6.3 (medium): A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate…
CVE-2018-10505 — CVSS 6.3 (medium): A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate…
CVE-2018-10359 — CVSS 6.3 (medium): A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate…
CVE-2017-8801 — CVSS 6.1 (medium): Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using…
CVE-2021-25248 — CVSS 5.5 (medium): An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free…
CVE-2021-28646 — CVSS 5.5 (medium): An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local…
CVE-2021-25252 — CVSS 5.5 (medium): Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may…
CVE-2021-25234 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25236 — CVSS 5.3 (medium): A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security…
CVE-2021-25238 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1…
CVE-2021-25239 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1…
CVE-2021-25240 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25242 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25243 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25235 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated…
CVE-2020-28573 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an…
CVE-2020-28576 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an…
CVE-2020-28577 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an…
CVE-2020-28582 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an…
CVE-2020-28583 — CVSS 5.3 (medium): An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an…
CVE-2021-25228 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25229 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated…
CVE-2021-25230 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated…
CVE-2021-25231 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2021-25232 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated…
CVE-2021-25233 — CVSS 5.3 (medium): An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security…
CVE-2017-14085 — CVSS 5.3 (medium): Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan…
CVE-2016-1223 — CVSS 5.3 (medium): Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business…
CVE-2010-0564 — CVSS 5.0 (medium): Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before…
CVE-2019-19691 — CVSS 4.9 (medium): A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page…
CVE-2018-10506 — CVSS 4.7 (medium): A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to…
CVE-2018-10507 — CVSS 4.4 (medium): A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the…
CVE-2009-1435 — CVSS 2.1 (low): NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application…