Vulnerabilites related to trend_micro - virus_buster
cve-2001-1150
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/7014.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/210087 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/209375 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3216 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:08.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "officescan-iuser-read-files(7014)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/3216", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-08-22T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2002-03-22T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "officescan-iuser-read-files(7014)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/3216", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "officescan-iuser-read-files(7014)", refsource: "XF", url: "http://www.iss.net/security_center/static/7014.php", }, { name: "20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/210087", }, { name: "20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/209375", }, { name: "3216", refsource: "BID", url: "http://www.securityfocus.com/bid/3216", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1150", datePublished: "2002-03-15T05:00:00", dateReserved: "2002-03-15T00:00:00", dateUpdated: "2024-08-08T04:44:08.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2001-1151
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7286 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/220666 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:44:08.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/220666", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2001-08-22T00:00:00", descriptions: [ { lang: "en", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-18T21:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/220666", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2001-1151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", refsource: "MISC", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { name: "officescan-config-file-access(7286)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { name: "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/220666", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2001-1151", datePublished: "2002-03-15T05:00:00", dateReserved: "2002-03-15T00:00:00", dateUpdated: "2024-08-08T04:44:08.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2003-1341
Vulnerability from cvelistv5
Published
2007-10-14 19:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/6181 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/7881 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11059 | vdb-entry, x_refsource_XF | |
| http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353 | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/6616 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:28:02.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "6181", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/6181", }, { name: "7881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", tags: [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/6616", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-01-14T00:00:00", descriptions: [ { lang: "en", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "6181", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/6181", }, { name: "7881", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", tags: [ "mailing-list", "x_refsource_VULNWATCH", ], url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/6616", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-1341", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "6181", refsource: "OSVDB", url: "http://www.osvdb.org/6181", }, { name: "7881", refsource: "SECUNIA", url: "http://secunia.com/advisories/7881", }, { name: "officescan-cgichkmasterpwd-auth-bypass(11059)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { name: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", refsource: "CONFIRM", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { name: "20030114 Assorted Trend Vulns Rev 2.0", refsource: "VULNWATCH", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { name: "6616", refsource: "BID", url: "http://www.securityfocus.com/bid/6616", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-1341", datePublished: "2007-10-14T19:00:00", dateReserved: "2007-10-14T00:00:00", dateUpdated: "2024-08-08T02:28:02.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2001-08-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/210087 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7014.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/209375 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/210087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3216 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.5 | |
| trend_micro | officescan | corporate_3.54 | |
| trend_micro | virus_buster | corporate_3.52 | |
| trend_micro | virus_buster | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.54 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.5:*:*:*:*:*:*:*", matchCriteriaId: "BE60F5D9-35D0-4D0E-85D1-EE71E533622F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "A79FBAAA-D6B8-4A05-B8E1-D7549207EA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.52:*:*:*:*:*:*:*", matchCriteriaId: "6E3D6BED-09E4-48AD-9AF8-59FFE9241E73", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "924B6C34-036E-4A3E-A5CA-219D06379A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.54:*:*:*:*:*:*:*", matchCriteriaId: "B4D76FA9-4C35-4D33-A4AC-BAACC16335B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.", }, ], id: "CVE-2001-1150", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-08-22T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/7014.php", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/209375", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/210087", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.iss.net/security_center/static/7014.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/209375", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/210087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/3216", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.0 | |
| trend_micro | officescan | 3.1.1 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.5 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.11 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.13 | |
| trend_micro | officescan | 3.54 | |
| trend_micro | virus_buster | 3.52 | |
| trend_micro | virus_buster | 3.53 | |
| trend_micro | virus_buster | 3.54 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*", matchCriteriaId: "4013BF7E-DE8F-4941-BF15-D17C8C88DB78", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "6D89F5A6-CF62-4EB2-AD75-0AF4FDA279B6", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "FCE38732-A854-4B45-9F08-0356AB8A2FA0", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*", matchCriteriaId: "B0CB2406-0DDD-4653-94BC-7474B4E298DD", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "CA0852D4-5A87-41E7-A924-8EB4D6827DD7", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*", matchCriteriaId: "BECFA7BB-E0EA-41E9-BE6F-7FD6751D0E37", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "439E4F94-C5E6-4E26-83DC-CECE166CB298", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*", matchCriteriaId: "A37C9CBC-DC20-40B5-9713-C823935ECA1C", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*", matchCriteriaId: "0935C827-9E24-4DB2-B694-BB233F6693F9", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*", matchCriteriaId: "BD6B7257-8D78-4EED-8E92-2FF807018E1F", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*", matchCriteriaId: "951A2994-54C5-401D-9254-0E814A4B8538", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*", matchCriteriaId: "AA8EF8C3-D6B3-4037-BE06-85196EC150F2", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*", matchCriteriaId: "49591281-E68C-4F97-AC98-73BB1B5A0A40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.", }, ], id: "CVE-2003-1341", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { source: "cve@mitre.org", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/7881", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/6181", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/6616", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/7881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/6181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/6616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-16", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2001-10-15 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trend_micro | officescan | corporate_3.53 | |
| trend_micro | virus_buster | corporate_3.53 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:trend_micro:officescan:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "C5FF32ED-84C2-4A22-BA4D-2436B96A69A8", vulnerable: true, }, { criteria: "cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:*:*:*:*:*:*:*", matchCriteriaId: "924B6C34-036E-4A3E-A5CA-219D06379A1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.", }, ], id: "CVE-2001-1151", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2001-10-15T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/220666", }, { source: "cve@mitre.org", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.securityfocus.com/archive/1/220666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }