CVE-2017-14085

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.

Published: Oct 6, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-14085
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
trendmicro / officescan	12.0	12.0.x
trendmicro / officescan	11.0-sp1	11.0-sp1.x

http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html
http://seclists.org/fulldisclosure/2017/Sep/85
http://www.securityfocus.com/archive/1/541281/100/0/threaded
http://www.securityfocus.com/bid/101076
http://www.securitytracker.com/id/1039500
https://success.trendmicro.com/solution/1118372
https://www.exploit-db.com/exploits/42893/

Vulnerability Database

289,784

CVE-2017-14085