Search criteria

4 vulnerabilities found for OfficeScan by Trend Micro, Inc.

JVNDB-2019-011088

Vulnerability from jvndb - Published: 2019-10-30 10:59 - Updated:2019-12-02 16:08
Severity ?
8.2 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Summary
Trend Micro OfficeScan vulnerable to directory traversal
Details
Trend Micro OfficeScan contains a directory traversal vulnerability (CWE-22). If this vulnerability is exploited, an authenticated user on the administrative console of the affected product may upload an arbitrary zip file to the specific folder, then extract and execute it. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-011088.html",
  "dc:date": "2019-12-02T16:08+09:00",
  "dcterms:issued": "2019-10-30T10:59+09:00",
  "dcterms:modified": "2019-12-02T16:08+09:00",
  "description": "Trend Micro OfficeScan contains a directory traversal vulnerability (CWE-22).\r\nIf this vulnerability is exploited, an authenticated user on the administrative console of the affected product may upload an arbitrary zip file to the specific folder, then extract and execute it.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-011088.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
    "@product": "OfficeScan",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.2",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-011088",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96213168/",
      "@id": "JVNVU#96213168",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18187",
      "@id": "CVE-2019-18187",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-18187",
      "@id": "CVE-2019-18187",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Trend Micro OfficeScan vulnerable to directory traversal"
}

JVNDB-2018-000013

Vulnerability from jvndb - Published: 2018-02-15 16:39 - Updated:2018-04-11 12:23
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Insecure DLL Loading issue in multiple Trend Micro products
Details
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded. Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "dc:date": "2018-04-11T12:23+09:00",
  "dcterms:issued": "2018-02-15T16:39+09:00",
  "dcterms:modified": "2018-04-11T12:23+09:00",
  "description": "Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).\r\n When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.\r\n\r\nHidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:business_security",
      "@product": "Worry-Free Business Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security_services",
      "@product": "Worry-Free Business Security Services",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security",
      "@product": "Trend Micro Deep Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:endpoint_sensor",
      "@product": "Trend Micro Endpoint Sensor",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:security",
      "@product": "Trend Micro Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
      "@product": "OfficeScan",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000013",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN28865183/index.html",
      "@id": "JVN#28865183",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html",
      "@id": "Security Alert for Vulnerability in multiple Trend Micro products (JVN#28865183)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Insecure DLL Loading issue in multiple Trend Micro products"
}

JVNDB-2016-000074

Vulnerability from jvndb - Published: 2016-06-02 16:18 - Updated:2016-06-22 17:56
Severity ?
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Trend Micro enterprise products directory traversal vulnerability
Details
Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
  "dc:date": "2016-06-22T17:56+09:00",
  "dcterms:issued": "2016-06-02T16:18+09:00",
  "dcterms:modified": "2016-06-22T17:56+09:00",
  "description": "Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. \r\n\r\nAccording to the developer, exploiting the vulnerability requires access to the LAN environment of the user.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:business_security",
      "@product": "Worry-Free Business Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security_services",
      "@product": "Worry-Free Business Security Services",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
      "@product": "OfficeScan",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "3.3",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000074",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN48847535/index.html",
      "@id": "JVN#48847535",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223",
      "@id": "CVE-2016-1223",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1223",
      "@id": "CVE-2016-1223",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Trend Micro enterprise products directory traversal vulnerability"
}

JVNDB-2004-000586

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Severity ?
() - -
Summary
Virus Buster Corporate Edition vulnerability
Details
Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file (Outbreak Prevent Policy configuration file), when a specific URL is entered to the management console.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000586.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file (Outbreak Prevent Policy configuration file), when a specific URL is entered to the management console.",
  "link": "https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000586.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
    "@product": "OfficeScan",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2004-000586",
  "sec:references": {
    "#text": "http://jvn.jp/en/jp/JVNFF73142E/index.html",
    "@id": "JVN#FF73142E",
    "@source": "JVN"
  },
  "title": "Virus Buster Corporate Edition vulnerability"
}