Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0587 |
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. Published: January 31, 2023; 10:15:08 PM -0500 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2021-25252 |
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. Published: March 03, 2021; 11:15:13 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-18189 |
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. Published: October 28, 2019; 4:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-9489 |
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. Published: April 05, 2019; 7:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |