TrendMicro Worry Free Business Security
By the Year
In 2024 there have been 0 vulnerabilities in TrendMicro Worry Free Business Security . Worry Free Business Security did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 8 | 6.70 |
| 2020 | 5 | 8.68 |
| 2019 | 1 | 9.80 |
| 2018 | 1 | 7.00 |
It may take a day or so for new Worry Free Business Security vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent TrendMicro Worry Free Business Security Security Vulnerabilities
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could
CVE-2021-44019
7.8 - High
- December 03, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
Improper Privilege Management
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could
CVE-2021-44020
7.8 - High
- December 03, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
Improper Privilege Management
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could
CVE-2021-44021
7.8 - High
- December 03, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
Improper Privilege Management
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could
CVE-2021-42012
7.8 - High
- October 21, 2021
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Memory Corruption
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server
CVE-2021-25246
6.5 - Medium
- February 04, 2021
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
AuthZ
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could
CVE-2021-25228
5.3 - Medium
- February 04, 2021
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
AuthZ
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could
CVE-2021-25244
5.3 - Medium
- February 04, 2021
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
AuthZ
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could
CVE-2021-25245
5.3 - Medium
- February 04, 2021
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
AuthZ
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could
CVE-2020-28574
7.5 - High
- November 18, 2020
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
Directory traversal
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could
CVE-2020-8468
8.8 - High
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Injection
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
CVE-2020-8600
9.8 - Critical
- March 18, 2020
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
Directory traversal
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file
CVE-2020-8598
9.8 - Critical
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Improper Input Validation
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file
CVE-2020-8470
7.5 - High
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Improper Input Validation
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may
CVE-2019-18189
9.8 - Critical
- October 28, 2019
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Directory traversal
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could
CVE-2018-6218
7 - High
- February 16, 2018
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
Untrusted Path
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0
CVE-2016-1223
5.3 - Medium
- June 19, 2016
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0
CVE-2016-1224
6.1 - Medium
- June 19, 2016
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
XSS
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions
CVE-2008-2433
9.8 - Critical
- August 27, 2008
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
Use of Insufficiently Random Values
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for TrendMicro Worry Free Business Security or by TrendMicro? Click the Watch button to subscribe.
