Vulnerability Description
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Officescan | corporate_3.53 |
| Trend Micro | Virus Buster | corporate_3.53 |
References
- http://www.securityfocus.com/archive/1/220666PatchVendor Advisory
- http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7286
- http://www.securityfocus.com/archive/1/220666PatchVendor Advisory
- http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7286
FAQ
What is CVE-2001-1151?
CVE-2001-1151 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini ...
How severe is CVE-2001-1151?
CVE-2001-1151 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1151?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Officescan, Trend Micro Virus Buster.