Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apex_one | Trendmicro | 2019 (including) | 2019 (including) |
| Officescan | Trendmicro | xg (including) | xg (including) |
| Officescan | Trendmicro | xg-sp1 (including) | xg-sp1 (including) |
| Worry-free_business_security | Trendmicro | 9.0-sp3 (including) | 9.0-sp3 (including) |
| Worry-free_business_security | Trendmicro | 9.5 (including) | 9.5 (including) |
| Worry-free_business_security | Trendmicro | 10.0 (including) | 10.0 (including) |
| Worry-free_business_security | Trendmicro | 10.0-sp1 (including) | 10.0-sp1 (including) |