Detections
Analytics

Trend Micro Worry-Free Business Security (WFBS) Multiple Vulnerabilities (1114098)

medium Nessus Plugin ID 134452

Language:

Synopsis

The remote host is running an application that is affected by multiple vulnerabilities

Description

The remote host is running a version of the Trend Micro WFBS which is affected by multiple vulnerabilities. An attacker who has already gained a foothold on the local WFBS server may manipulate configuration variables in order to access files outside of the web root folder or modify HTTP response header values. Successful exploitation of the latter vulnerability may allow the attacker to conduct additional attacks against the remote host.
 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version.

Solution

Upgrade to the relevant fixed version referenced in Trend Micro advisory 1114098

See Also

http://www.nessus.org/u?d79fff04

Plugin Details

Severity: Medium

ID: 134452

File Name: trendmicro_wfbs_1114098.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 3/13/2020

Updated: 3/13/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Based on analysis of vendor advisory

CVSS v2

Risk Factor: Low

Base Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

Required KB Items: installed_sw/Trend Micro Worry-Free Business Security Advanced

Patch Publication Date: 5/16/2019

Vulnerability Publication Date: 5/16/2019