All the vulnerabilites related to Trend Micro, Inc. - Worry-Free Business Security Services
jvndb-2021-003385
Vulnerability from jvndb
Published
2021-10-26 12:35
Modified
2021-10-26 12:35
Summary
Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation
Details
Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
"dc:date": "2021-10-26T12:35+09:00",
"dcterms:issued": "2021-10-26T12:35+09:00",
"dcterms:modified": "2021-10-26T12:35+09:00",
"description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one_as_a_service",
"@product": "Apex One as a Service",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:worry_free_business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2021-003385",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU92842857/",
"@id": "JVNVU#92842857",
"@source": "JVN"
},
"title": "Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation"
}
jvndb-2022-002265
Vulnerability from jvndb
Published
2022-08-18 15:45
Modified
2024-06-14 17:11
Severity ?
Summary
Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation
Details
Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
"dc:date": "2024-06-14T17:11+09:00",
"dcterms:issued": "2022-08-18T15:45+09:00",
"dcterms:modified": "2024-06-14T17:11+09:00",
"description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002265",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96643038/index.html",
"@id": "JVNVU#96643038",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-36336",
"@id": "CVE-2022-36336",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36336",
"@id": "CVE-2022-36336",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation"
}
jvndb-2021-002077
Vulnerability from jvndb
Published
2021-08-04 11:15
Modified
2021-08-04 11:15
Severity ?
Summary
Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises
Details
Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.
* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464
* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465
* Improper Input Validation (CWE-20) - CVE-2021-36741
* Improper Input Validation (CWE-20) - CVE-2021-36742
Trend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93876919/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32464 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32465 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-36742 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-36741 | |
| JPCERT | https://www.jpcert.or.jp/at/2021/at210033.html | |
| CISA Known Exploited Vulnerabilities Catalog | https://cisa.gov/known-exploited-vulnerabilities-catalog | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Improper Preservation of Permissions(CWE-281) | http://cwe.mitre.org/data/definitions/281.html | |
| Incorrect Permission Assignment for Critical Resource(CWE-732) | https://cwe.mitre.org/data/definitions/732.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
"dc:date": "2021-08-04T11:15+09:00",
"dcterms:issued": "2021-08-04T11:15+09:00",
"dcterms:modified": "2021-08-04T11:15+09:00",
"description": "Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464\r\n* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465\r\n* Improper Input Validation (CWE-20) - CVE-2021-36741\r\n* Improper Input Validation (CWE-20) - CVE-2021-36742\r\n\r\nTrend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-002077",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93876919/index.html",
"@id": "JVNVU#93876919",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464",
"@id": "CVE-2021-32464",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465",
"@id": "CVE-2021-32465",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741",
"@id": "CVE-2021-36741",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742",
"@id": "CVE-2021-36742",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32464",
"@id": "CVE-2021-32464",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32465",
"@id": "CVE-2021-32465",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36742",
"@id": "CVE-2021-36742",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36741",
"@id": "CVE-2021-36741",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/at/2021/at210033.html",
"@id": "JPCERT-AT-2021-0033",
"@source": "JPCERT"
},
{
"#text": "https://cisa.gov/known-exploited-vulnerabilities-catalog",
"@id": "CVE-2021-36741, CVE-2021-36742",
"@source": "CISA Known Exploited Vulnerabilities Catalog"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "http://cwe.mitre.org/data/definitions/281.html",
"@id": "CWE-281",
"@title": "Improper Preservation of Permissions(CWE-281)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/732.html",
"@id": "CWE-732",
"@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
}
],
"title": "Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises"
}
jvndb-2022-001380
Vulnerability from jvndb
Published
2022-03-02 17:07
Modified
2022-03-02 17:07
Summary
Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)
Details
Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
"dc:date": "2022-03-02T17:07+09:00",
"dcterms:issued": "2022-03-02T17:07+09:00",
"dcterms:modified": "2022-03-02T17:07+09:00",
"description": "Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2022-001380",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU96994445/index.html",
"@id": "JVNVU#96994445",
"@source": "JVN"
},
"title": "Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)"
}
jvndb-2016-000074
Vulnerability from jvndb
Published
2016-06-02 16:18
Modified
2016-06-22 17:56
Severity ?
Summary
Trend Micro enterprise products directory traversal vulnerability
Details
Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability.
According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
"dc:date": "2016-06-22T17:56+09:00",
"dcterms:issued": "2016-06-02T16:18+09:00",
"dcterms:modified": "2016-06-22T17:56+09:00",
"description": "Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. \r\n\r\nAccording to the developer, exploiting the vulnerability requires access to the LAN environment of the user.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
"@product": "OfficeScan",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000074",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48847535/index.html",
"@id": "JVN#48847535",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223",
"@id": "CVE-2016-1223",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1223",
"@id": "CVE-2016-1223",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Trend Micro enterprise products directory traversal vulnerability"
}
jvndb-2018-000013
Vulnerability from jvndb
Published
2018-02-15 16:39
Modified
2018-04-11 12:23
Severity ?
Summary
Insecure DLL Loading issue in multiple Trend Micro products
Details
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).
When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.
Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
"dc:date": "2018-04-11T12:23+09:00",
"dcterms:issued": "2018-02-15T16:39+09:00",
"dcterms:modified": "2018-04-11T12:23+09:00",
"description": "Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).\r\n When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.\r\n\r\nHidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security",
"@product": "Trend Micro Deep Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:endpoint_sensor",
"@product": "Trend Micro Endpoint Sensor",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:security",
"@product": "Trend Micro Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
"@product": "OfficeScan",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000013",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28865183/index.html",
"@id": "JVN#28865183",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218",
"@id": "CVE-2018-6218",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-6218",
"@id": "CVE-2018-6218",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html",
"@id": "Security Alert for Vulnerability in multiple Trend Micro products (JVN#28865183)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Insecure DLL Loading issue in multiple Trend Micro products"
}
jvndb-2023-003721
Vulnerability from jvndb
Published
2023-09-20 13:58
Modified
2024-05-09 18:22
Severity ?
Summary
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
Details
Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.
Trend Micro Incorporated states that an attack exploiting this vulnerability has been observed.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU90967486/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41179 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41179 | |
| JPCERT | https://www.jpcert.or.jp/english/at/2023/at230021.html | |
| CISA Known Exploited Vulnerabilities Catalog | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | |
| Code Injection(CWE-94) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
"dc:date": "2024-05-09T18:22+09:00",
"dcterms:issued": "2023-09-20T13:58+09:00",
"dcterms:modified": "2024-05-09T18:22+09:00",
"description": "Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.\r\n\r\nTrend Micro Incorporated states that an attack exploiting this vulnerability has been observed.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-003721",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90967486/index.html",
"@id": "JVNVU#90967486",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41179",
"@id": "CVE-2023-41179",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41179",
"@id": "CVE-2023-41179",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2023/at230021.html",
"@id": "JPCERT-AT-2023-0021",
"@source": "JPCERT"
},
{
"#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"@id": "CVE-2023-41179",
"@source": "CISA Known Exploited Vulnerabilities Catalog"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution"
}
jvndb-2016-000089
Vulnerability from jvndb
Published
2016-06-02 16:18
Modified
2016-06-22 17:58
Severity ?
Summary
Trend Micro enterprise products HTTP header injection vulnerability
Details
Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability.
According to the developer, exploiting the vulnerability requires access to the LAN environment of the user.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000089.html",
"dc:date": "2016-06-22T17:58+09:00",
"dcterms:issued": "2016-06-02T16:18+09:00",
"dcterms:modified": "2016-06-22T17:58+09:00",
"description": "Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. \r\n\r\nAccording to the developer, exploiting the vulnerability requires access to the LAN environment of the user.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000089.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000089",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48847535/index.html",
"@id": "JVN#48847535",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1224",
"@id": "CVE-2016-1224",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1224",
"@id": "CVE-2016-1224",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Trend Micro enterprise products HTTP header injection vulnerability"
}
jvndb-2021-002279
Vulnerability from jvndb
Published
2021-08-19 15:01
Modified
2021-08-19 15:01
Summary
Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
Details
Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
"dc:date": "2021-08-19T15:01+09:00",
"dcterms:issued": "2021-08-19T15:01+09:00",
"dcterms:modified": "2021-08-19T15:01+09:00",
"description": "Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2021-002279",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU90091573/",
"@id": "JVNVU#90091573",
"@source": "JVN"
},
"title": "Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises"
}