What is CVE-2016-1223?

CVE-2016-1223 is a medium-severity vulnerability in Trendmicro Officescan, classified under Path Traversal. CVSS score: 5.3/10. Published 2016-06-19.

How severe is CVE-2016-1223?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Path Traversal in Trendmicro Officescan

CVE-2016-1223

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.017 (82.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Trendmicro Officescan — versions 11.0
Trendmicro Worry-free_business_security — versions 9.0
Trendmicro Worry-free_business_security_services — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

JVN#48847535 (x_refsource_JVN, third-party-advisory, Vendor Advisory)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Vendor Advisory)
JVNDB-2016-000074 (x_refsource_JVNDB, Third Party Advisory, VDB Entry, third-party-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2016-1223?: CVE-2016-1223 is a medium-severity vulnerability in Trendmicro Officescan, classified under Path Traversal. CVSS score: 5.3/10. Published 2016-06-19.
How severe is CVE-2016-1223?: Medium severity. CVSS v3 base score is 5.3 out of 10.