threat
engine
.sh
Back
·
··:··
Home
/
Product
/
trendmicro officescan
Product
trendmicro officescan
100 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-32465
all versions
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allo
8.8
HIGH
CVE-2021-32464
all versions
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Fre
7.8
HIGH
CVE-2021-36742
all versions
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Se
7.8
HIGH
CVE-2021-36741
all versions
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business
8.8
HIGH
CVE-2021-28646
all versions
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a loca
5.5
MEDIUM
CVE-2021-28645
all versions
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow
7.8
HIGH
CVE-2021-25253
all versions
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a res
7.8
HIGH
CVE-2021-25250
all versions
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sen
7.8
HIGH
CVE-2021-25252
all versions
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability
5.5
MEDIUM
CVE-2021-25249
all versions
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Wor
7.8
HIGH
CVE-2021-25248
all versions
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worr
5.5
MEDIUM
CVE-2021-25246
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1,
6.5
MEDIUM
CVE-2021-25243
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25242
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25240
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25239
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10
5.3
MEDIUM
CVE-2021-25238
all versions
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security
5.3
MEDIUM
CVE-2021-25236
all versions
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business
5.3
MEDIUM
CVE-2021-25235
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthent
5.3
MEDIUM
CVE-2021-25234
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25233
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25232
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthent
5.3
MEDIUM
CVE-2021-25231
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2021-25230
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthent
5.3
MEDIUM
CVE-2021-25229
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthent
5.3
MEDIUM
CVE-2021-25228
all versions
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Se
5.3
MEDIUM
CVE-2020-28583
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unaut
5.3
MEDIUM
CVE-2020-28582
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unaut
5.3
MEDIUM
CVE-2020-28577
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unaut
5.3
MEDIUM
CVE-2020-28576
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unaut
5.3
MEDIUM
CVE-2020-28573
all versions
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unaut
5.3
MEDIUM
CVE-2020-24562
all versions
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on t
7.8
HIGH
CVE-2020-24559
all versions
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS
7.8
HIGH
CVE-2020-8607
all versions
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit prot
6.7
MEDIUM
CVE-2020-8599
all versions
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arb
9.8
CRITICAL
CVE-2020-8598
all versions
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service
9.8
CRITICAL
CVE-2020-8470
all versions
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service
7.5
HIGH
CVE-2020-8468
all versions
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content vali
8.8
HIGH
CVE-2020-8467
all versions
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote atta
8.8
HIGH
CVE-2019-14688
all versions
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package
7.0
HIGH
CVE-2019-19691
all versions
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulatin
4.9
MEDIUM
CVE-2019-18189
all versions
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) ma
9.8
CRITICAL
CVE-2019-18187
all versions
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability
7.5
HIGH
CVE-2019-9492
all versions
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code exec
7.8
HIGH
CVE-2019-9489
all versions
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (
7.5
HIGH
CVE-2018-18332
all versions
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on som
7.5
HIGH
CVE-2018-18331
all versions
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacke
7.5
HIGH
CVE-2018-3608
all versions
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver co
9.8
CRITICAL
CVE-2018-10509
all versions
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vul
8.8
HIGH
CVE-2018-10508
all versions
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account
8.8
HIGH
CVE-2018-10507
all versions
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the
4.4
MEDIUM
CVE-2018-10506
all versions
A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker t
4.7
MEDIUM
CVE-2018-10505
all versions
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to esc
6.3
MEDIUM
CVE-2018-10359
all versions
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to esc
6.3
MEDIUM
CVE-2018-10358
all versions
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to esc
6.3
MEDIUM
CVE-2018-6218
all versions
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a v
7.0
HIGH
CVE-2017-14089
all versions
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who c
9.8
CRITICAL
CVE-2017-14088
all versions
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arb
7.0
HIGH
CVE-2017-14087
all versions
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header,
7.5
HIGH
CVE-2017-14086
all versions
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who c
7.5
HIGH
CVE-2017-14085
all versions
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the Of
5.3
MEDIUM
CVE-2017-14084
all versions
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arb
8.1
HIGH
CVE-2017-14083
all versions
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download th
7.5
HIGH
CVE-2017-11394
all versions
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code o
9.8
CRITICAL
CVE-2017-11393
all versions
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code o
9.8
CRITICAL
CVE-2017-8801
all versions
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted U
6.1
MEDIUM
CVE-2017-5481
all versions
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by lever
8.8
HIGH
CVE-2016-1223
all versions
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Busine
5.3
MEDIUM
CVE-2010-0564
<= 8.0
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dl
CVE-2009-1435
all versions
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (applica
CVE-2008-3866
all versions
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Tren
CVE-2008-3865
all versions
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Secu
CVE-2008-3864
all versions
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in
CVE-2008-3862
all versions
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before
CVE-2008-4403
all versions
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remo
CVE-2008-4402
all versions
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 bef
CVE-2008-2439
all versions
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client i
CVE-2008-2437
all versions
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a
CVE-2008-2433
>= 7.0 and <= 8.0
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messagin
9.8
CRITICAL
CVE-2008-3364
all versions
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp E
CVE-2007-3455
all versions
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the passwor
CVE-2007-3454
all versions
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta
CVE-2007-0851
all versions
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such
CVE-2006-6458
all versions
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Interne
CVE-2006-6179
all versions
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089
CVE-2006-6178
all versions
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows re
CVE-2006-5212
all versions
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition
CVE-2006-5157
all versions
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 P
CVE-2006-1381
all versions
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use
CVE-2005-3379
all versions
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with t
CVE-2005-0533
all versions
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows r
CVE-2004-2430
all versions
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detec
CVE-2004-2006
all versions
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry key
CVE-2003-1341
all versions
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from
CVE-2002-1349
all versions
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input s
CVE-2001-1151
all versions
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the
CVE-2001-1150
all versions
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote
CVE-2000-0205
all versions
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan client
CVE-2000-0204
all versions
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, whic
CVE-2000-0203
all versions
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 123
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin