5.3
CVE-2017-14085
- EPSS 5.65%
- Veröffentlicht 06.10.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@trendmicro.com
- CVE-Watchlists
- Unerledigt
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Officescan Version11.0 Updatesp1
Trendmicro ≫ Officescan Version12.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.65% | 0.92 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.securityfocus.com/bid/101076
http://www.securitytracker.com/id/1039500
https://success.trendmicro.com/solution/1118372
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html
http://seclists.org/fulldisclosure/2017/Sep/85
http://www.securityfocus.com/archive/1/541281/100/0/threaded
https://www.exploit-db.com/exploits/42893/