CVE-2001-1151

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/220666	Patch Vendor Advisory
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
https://exchange.xforce.ibmcloud.com/vulnerabilities/7286

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trend_micro:virus_buster:corporate_3.53:::::::*
	cpe:2.3:a:trend_micro:officescan:corporate_3.53:::::::*

Information

Published : 2001-10-14 21:00

Updated : 2017-12-18 18:29

NVD link : CVE-2001-1151

Mitre link : CVE-2001-1151

JSON object : View

CWE

NVD-CWE-Other

Products Affected

trend_micro

virus_buster
officescan

5.0 /10