CVE-2017-14085 Information

Description

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network’s NT domain or the PHP version and modules.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html http://seclists.org/fulldisclosure/2017/Sep/85 http://www.securityfocus.com/archive/1/541281/100/0/threaded http://www.securityfocus.com/bid/101076 http://www.securitytracker.com/id/1039500 https://success.trendmicro.com/solution/1118372 https://www.exploit-db.com/exploits/42893/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3