Описание
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:10.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00595
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product?s management console as a root user. The vulnerability does not require authentication.
EPSS
Процентиль: 69%
0.00595
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-22