Vulnerabilites related to Trend Micro - Trend Micro Worry-Free Business Security
CVE-2020-24557 (GCVE-0-2020-24557)
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2025-07-30 01:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Privilege Escalation
Summary
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2009 (on premise), SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:07.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-24557",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:41:43.764667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-24557"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:45:36.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-24557 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2009 (on premise), SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security ",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:21:21.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security ",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
},
{
"name": "https://success.trendmicro.com/solution/000267260",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000267260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-24557",
"datePublished": "2020-09-01T18:55:27.000Z",
"dateReserved": "2020-08-20T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:45:36.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44024 (GCVE-0-2021-44024)
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following Denial-of-Service
Summary
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-08T15:51:04",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-44024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289996",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-44024",
"datePublished": "2022-01-08T15:51:04",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32463 (GCVE-0-2021-32463)
Vulnerability from cvelistv5
Published
2021-07-20 11:09
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Permission Assignment Denial-of-Service
Summary
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286856"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T11:09:57",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286856"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286855",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286855"
},
{
"name": "https://success.trendmicro.com/solution/000286856",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286856"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-32463",
"datePublished": "2021-07-20T11:09:57",
"dateReserved": "2021-05-07T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42106 (GCVE-0-2021-42106)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:09",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42106",
"datePublished": "2021-10-21T07:46:09",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25238 (GCVE-0-2021-25238)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro OfficeScan |
Version: XG SP1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:44",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25238",
"datePublished": "2021-02-04T19:36:45",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25231 (GCVE-0-2021-25231)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:40",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25231",
"datePublished": "2021-02-04T19:36:40",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25245 (GCVE-0-2021-25245)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:49",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25245",
"datePublished": "2021-02-04T19:36:49",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25236 (GCVE-0-2021-25236)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SSRF Information Disclosure
Summary
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro OfficeScan |
Version: XG SP1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:43",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25236",
"datePublished": "2021-02-04T19:36:43",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44021 (GCVE-0-2021-44021)
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Privilege Management
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Privilege Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T10:50:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-44021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-44021",
"datePublished": "2021-12-03T10:50:11",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23139 (GCVE-0-2021-23139)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-03 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Null Pointer
Summary
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Null Pointer",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:02",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-23139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-23139",
"datePublished": "2021-10-21T07:46:02",
"dateReserved": "2021-10-01T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25242 (GCVE-0-2021-25242)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25242",
"datePublished": "2021-02-04T19:36:47",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42105 (GCVE-0-2021-42105)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:08",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42105",
"datePublished": "2021-10-21T07:46:08",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24680 (GCVE-0-2022-24680)
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following Local Privilege Escalation
Summary
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T02:45:52",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-24680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290464",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"name": "https://success.trendmicro.com/solution/000290486",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-24680",
"datePublished": "2022-02-24T02:45:52",
"dateReserved": "2022-02-09T00:00:00",
"dateUpdated": "2024-08-03T04:20:49.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25249 (GCVE-0-2021-25249)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-Bounds Write Information Disclosure
Summary
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Write Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:52",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Write Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25249",
"datePublished": "2021-02-04T19:36:52",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45440 (GCVE-0-2021-45440)
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-08T15:51:06",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-45440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289996",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-45440",
"datePublished": "2022-01-08T15:51:06",
"dateReserved": "2021-12-20T00:00:00",
"dateUpdated": "2024-08-04T04:39:20.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42012 (GCVE-0-2021-42012)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Stack-based Buffer Overflow Privilege Escalation
Summary
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:03",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42012",
"datePublished": "2021-10-21T07:46:03",
"dateReserved": "2021-10-05T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45442 (GCVE-0-2021-45442)
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following Denial-of-Service
Summary
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-08T15:51:08",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-45442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289996",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-45442",
"datePublished": "2022-01-08T15:51:08",
"dateReserved": "2021-12-20T00:00:00",
"dateUpdated": "2024-08-04T04:39:20.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36741 (GCVE-0-2021-36741)
Vulnerability from cvelistv5
Published
2021-07-29 19:23
Modified
2025-07-30 01:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary File Upload
Summary
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36741",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:40:34.627421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36741"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:38:05.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-36741 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:13.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36741",
"datePublished": "2021-07-29T19:23:13.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:38:05.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42104 (GCVE-0-2021-42104)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:07",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42104",
"datePublished": "2021-10-21T07:46:07",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32464 (GCVE-0-2021-32464)
Vulnerability from cvelistv5
Published
2021-08-04 18:29
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Permission Assignment Privilege Escalation
Summary
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286857"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:29:36",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286857"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/solution/000286857",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286857"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-32464",
"datePublished": "2021-08-04T18:29:36",
"dateReserved": "2021-05-07T00:00:00",
"dateUpdated": "2024-08-03T23:17:29.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25240 (GCVE-0-2021-25240)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:46",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25240",
"datePublished": "2021-02-04T19:36:46",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25244 (GCVE-0-2021-25244)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:49",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25244",
"datePublished": "2021-02-04T19:36:49",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25228 (GCVE-0-2021-25228)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:38",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25228",
"datePublished": "2021-02-04T19:36:38",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42108 (GCVE-0-2021-42108)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42108",
"datePublished": "2021-10-21T07:46:11",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28574 (GCVE-0-2020-28574)
Vulnerability from cvelistv5
Published
2020-11-18 18:45
Modified
2024-08-04 16:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthenticated Path Traversal Arbitrary Remote File Deletion
Summary
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000281948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product\u0027s management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Path Traversal Arbitrary Remote File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:39",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000281948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-62"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-28574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product\u0027s management console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Path Traversal Arbitrary Remote File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000281948",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000281948"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-62",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-62"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-28574",
"datePublished": "2020-11-18T18:45:39",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25239 (GCVE-0-2021-25239)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:45",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25239",
"datePublished": "2021-02-04T19:36:45",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44020 (GCVE-0-2021-44020)
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Privilege Management
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Privilege Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T10:50:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-44020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-44020",
"datePublished": "2021-12-03T10:50:11",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25246 (GCVE-0-2021-25246)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:50",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25246",
"datePublished": "2021-02-04T19:36:50",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44019 (GCVE-0-2021-44019)
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Privilege Management
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Privilege Management",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T10:50:10",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-44019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-44019",
"datePublished": "2021-12-03T10:50:10",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24559 (GCVE-0-2020-24559)
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Hard Link Privilege Escalation
Summary
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2009 (on premise), SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:07.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2009 (on premise), SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hard Link Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:21:21",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard Link Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
},
{
"name": "https://success.trendmicro.com/solution/000267260",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000267260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-24559",
"datePublished": "2020-09-01T18:55:27",
"dateReserved": "2020-08-20T00:00:00",
"dateUpdated": "2024-08-04T15:19:07.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24678 (GCVE-0-2022-24678)
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Resource Exhaustion Denial-of-Service
Summary
An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Exhaustion Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T02:45:49",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-24678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Exhaustion Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290464",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"name": "https://success.trendmicro.com/solution/000290486",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-24678",
"datePublished": "2022-02-24T02:45:49",
"dateReserved": "2022-02-09T00:00:00",
"dateUpdated": "2024-08-03T04:20:49.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24679 (GCVE-0-2022-24679)
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following Local Privilege Escalation
Summary
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T02:45:51",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-24679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290464",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290464"
},
{
"name": "https://success.trendmicro.com/solution/000290486",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290486"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-24679",
"datePublished": "2022-02-24T02:45:51",
"dateReserved": "2022-02-09T00:00:00",
"dateUpdated": "2024-08-03T04:20:50.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24558 (GCVE-0-2020-24558)
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Privilege Escalation
Summary
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2009 (on premise), SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:07.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2009 (on premise), SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:21:21",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
},
{
"name": "https://success.trendmicro.com/solution/000267260",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000267260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-24558",
"datePublished": "2020-09-01T18:55:27",
"dateReserved": "2020-08-20T00:00:00",
"dateUpdated": "2024-08-04T15:19:07.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3848 (GCVE-0-2021-3848)
Vulnerability from cvelistv5
Published
2021-10-06 09:50
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary File Creation by Privliege Escalation
Summary
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Creation by Privliege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T09:50:57",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-3848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Creation by Privliege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289183",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-3848",
"datePublished": "2021-10-06T09:50:57",
"dateReserved": "2021-10-01T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42107 (GCVE-0-2021-42107)
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unnecessary Privileges Local Privilege Escalation
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unnecessary Privileges Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T07:46:10",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-42107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unnecessary Privileges Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289229",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"name": "https://success.trendmicro.com/solution/000289230",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289230"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-42107",
"datePublished": "2021-10-21T07:46:10",
"dateReserved": "2021-10-08T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25233 (GCVE-0-2021-25233)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:41",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25233",
"datePublished": "2021-02-04T19:36:41",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25241 (GCVE-0-2021-25241)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SSRF Information Disclosure
Summary
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25241",
"datePublished": "2021-02-04T19:36:47",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25243 (GCVE-0-2021-25243)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:48",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25243",
"datePublished": "2021-02-04T19:36:48",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25248 (GCVE-0-2021-25248)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-of-Bounds Read Information Disclosure
Summary
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:51",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25248",
"datePublished": "2021-02-04T19:36:51",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25234 (GCVE-0-2021-25234)
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:42",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25234",
"datePublished": "2021-02-04T19:36:42",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36742 (GCVE-0-2021-36742)
Vulnerability from cvelistv5
Published
2021-07-29 19:23
Modified
2025-07-30 01:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Local Privilege Escalation
Summary
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36742",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:39:21.806477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:38:05.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-36742 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:14.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36742",
"datePublished": "2021-07-29T19:23:14.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:38:05.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36336 (GCVE-0-2022-36336)
Vulnerability from cvelistv5
Published
2022-07-29 23:15
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following LPE
Summary
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019 and SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000291267"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 and SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1 and SaaS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-29T23:15:34",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000291267"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-36336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019 and SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1 and SaaS"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000291267",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000291267"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-36336",
"datePublished": "2022-07-29T23:15:34",
"dateReserved": "2022-07-20T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24556 (GCVE-0-2020-24556)
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2009 (on premise), SaaS |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000263633"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2009 (on premise), SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:21:21",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000263633"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000267260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000263632"
},
{
"name": "https://success.trendmicro.com/solution/000263633",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000263633"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
},
{
"name": "https://success.trendmicro.com/solution/000267260",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000267260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-24556",
"datePublished": "2020-09-01T18:55:26",
"dateReserved": "2020-08-20T00:00:00",
"dateUpdated": "2024-08-04T15:12:09.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8607 (GCVE-0-2020-8607)
Vulnerability from cvelistv5
Published
2020-08-05 14:05
Modified
2024-08-04 10:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019 (On premise), SaaS |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000260713"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000260748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99160193/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (On premise), SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Deep Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "12.x, 11.x. 10.x"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
},
{
"product": "Trend Micro Security (Consumer Family)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16), 2019 (v15)"
}
]
},
{
"product": "Trend Micro Safe Lock",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2.0 SP1, TXOne Ed"
}
]
},
{
"product": "Trend Micro ServerProtect",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"
}
]
},
{
"product": "Trend Micro Portable Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
},
{
"product": "Trend Micro HouseCall",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
},
{
"product": "Trend Micro Anti-Threat Toolkit (ATTK)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "1.62.1240 and below"
}
]
},
{
"product": "Trend Micro Rootkit Buster",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T14:05:22",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000260713"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000260748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99160193/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-8607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019 (On premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Deep Security",
"version": {
"version_data": [
{
"version_value": "12.x, 11.x. 10.x"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
},
{
"product_name": "Trend Micro Security (Consumer Family)",
"version": {
"version_data": [
{
"version_value": "2020 (v16), 2019 (v15)"
}
]
}
},
{
"product_name": "Trend Micro Safe Lock",
"version": {
"version_data": [
{
"version_value": "2.0 SP1, TXOne Ed"
}
]
}
},
{
"product_name": "Trend Micro ServerProtect",
"version": {
"version_data": [
{
"version_value": "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"
}
]
}
},
{
"product_name": "Trend Micro Portable Security",
"version": {
"version_data": [
{
"version_value": "3.x, 2.x"
}
]
}
},
{
"product_name": "Trend Micro HouseCall",
"version": {
"version_data": [
{
"version_value": "8.0"
}
]
}
},
{
"product_name": "Trend Micro Anti-Threat Toolkit (ATTK)",
"version": {
"version_data": [
{
"version_value": "1.62.1240 and below"
}
]
}
},
{
"product_name": "Trend Micro Rootkit Buster",
"version": {
"version_data": [
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000260713",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000260713"
},
{
"name": "https://success.trendmicro.com/jp/solution/000260748",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000260748"
},
{
"name": "https://jvn.jp/vu/JVNVU99160193/",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99160193/"
},
{
"name": "https://jvn.jp/en/vu/JVNVU99160193/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-8607",
"datePublished": "2020-08-05T14:05:23",
"dateReserved": "2020-02-04T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23805 (GCVE-0-2022-23805)
Vulnerability from cvelistv5
Published
2022-02-04 22:32
Modified
2024-08-03 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Out-Of-Bounds Read Information Disclosure
Summary
A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Version: 10.0 SP1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:58",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-23805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290416",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290416"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-23805",
"datePublished": "2022-02-04T22:32:58",
"dateReserved": "2022-01-20T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45231 (GCVE-0-2021-45231)
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Link Following Privilege Escalation
Summary
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Trend Micro | Trend Micro Apex One |
Version: 2019, SaaS |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-08T15:51:05",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-45231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000289996",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000289996"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-45231",
"datePublished": "2022-01-08T15:51:05",
"dateReserved": "2021-12-17T00:00:00",
"dateUpdated": "2024-08-04T04:39:20.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}