An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
[
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
]