Vulnerability Details CVE-2017-14085
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 92.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
- http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2017/Sep/85
- http://www.securityfocus.com/archive/1/541281/100/0/threaded
- http://www.securityfocus.com/bid/101076
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42893/
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
- http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2017/Sep/85
- http://www.securityfocus.com/archive/1/541281/100/0/threaded
- http://www.securityfocus.com/bid/101076
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42893/
Products affected by CVE-2017-14085
-
cpe:2.3:a:trendmicro:officescan:11.0
-
cpe:2.3:a:trendmicro:officescan:12.0