CVE-2001-1151

high

Description

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7286

http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318

http://www.securityfocus.com/archive/1/220666

Details

Source: Mitre, NVD

Published: 2001-10-15

Updated: 2017-12-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High