trendmicro security advisories

8 threat alerts tracking vulnerabilities and security advisories that affect trendmicro products.

Vulnios monitors trendmicro CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent trendmicro security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2017-11381 — trendmicro — deep_discovery_director
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
criticalCVE-2017-11381
Critical Vulnerability: CVE-2017-11380 — trendmicro — deep_discovery_director
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Dis
criticalCVE-2017-11380
Critical Vulnerability: CVE-2017-9034 — trendmicro — serverprotect
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate softw
criticalCVE-2017-9034
Critical Vulnerability: CVE-2016-8584 — trendmicro — threat_discovery_appliance
Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.
criticalCVE-2016-8584
Critical Vulnerability: CVE-2016-7547 — trendmicro — threat_discovery_appliance
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
criticalCVE-2016-7547
Critical Vulnerability: CVE-2016-7552 — trendmicro — threat_discovery_appliance
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can
criticalCVE-2016-7552
Critical Vulnerability: CVE-2016-9269 — trendmicro — interscan_web_security_virtual_appliance
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated,
criticalCVE-2016-9269
Critical Vulnerability: CVE-2016-6269 — trendmicro — smart_protection_server
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete ar
criticalCVE-2016-6269

Track trendmicro exposure across your environment

Vulnios automatically cross-references your asset inventory against new trendmicro CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

trendmicro security advisories

Critical Vulnerability: CVE-2017-11381 — trendmicro — deep_discovery_director

Critical Vulnerability: CVE-2017-11380 — trendmicro — deep_discovery_director

Critical Vulnerability: CVE-2017-9034 — trendmicro — serverprotect

Critical Vulnerability: CVE-2016-8584 — trendmicro — threat_discovery_appliance

Critical Vulnerability: CVE-2016-7547 — trendmicro — threat_discovery_appliance

Critical Vulnerability: CVE-2016-7552 — trendmicro — threat_discovery_appliance

Critical Vulnerability: CVE-2016-9269 — trendmicro — interscan_web_security_virtual_appliance

Critical Vulnerability: CVE-2016-6269 — trendmicro — smart_protection_server

Track trendmicro exposure across your environment