Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
106 vulnerabilities found for Trend Micro OfficeScan by Trend Micro
CVE-2021-32465 (GCVE-0-2021-32465)
Vulnerability from cvelistv5 – Published: 2021-08-04 18:29 – Updated: 2024-08-03 23:17
VLAI
Summary
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Incorrect Permission Preservation Authentication Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Preservation Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:29:37.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Preservation Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-32465",
"datePublished": "2021-08-04T18:29:37.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36742 (GCVE-0-2021-36742)
Vulnerability from cvelistv5 – Published: 2021-07-29 19:23 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Summary
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Local Privilege Escalation
- CWE-20 - Improper Input Validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000287820 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287815 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36742",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:39:21.806477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:39.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-36742 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:14.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36742",
"datePublished": "2021-07-29T19:23:14.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:39.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36741 (GCVE-0-2021-36741)
Vulnerability from cvelistv5 – Published: 2021-07-29 19:23 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Summary
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary File Upload
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000287820 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287815 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36741",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:40:34.627421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36741"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:39.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36741"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-36741 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:13.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36741",
"datePublished": "2021-07-29T19:23:13.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:39.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28646 (GCVE-0-2021-28646)
Vulnerability from cvelistv5 – Published: 2021-04-13 12:54 – Updated: 2024-08-03 21:47
VLAI
Summary
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
Severity
No CVSS data available.
CWE
- Insecure File Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure File Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:54:59.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-28646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure File Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-28646",
"datePublished": "2021-04-13T12:54:59.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:47:33.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28645 (GCVE-0-2021-28645)
Vulnerability from cvelistv5 – Published: 2021-04-13 12:54 – Updated: 2024-08-03 21:47
VLAI
Summary
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Incorrect Permission Assignment
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:54:38.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-28645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-28645",
"datePublished": "2021-04-13T12:54:38.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:47:33.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25253 (GCVE-0-2021-25253)
Vulnerability from cvelistv5 – Published: 2021-04-13 12:53 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:53:59.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25253",
"datePublished": "2021-04-13T12:53:59.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25250 (GCVE-0-2021-25250)
Vulnerability from cvelistv5 – Published: 2021-04-13 12:35 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:35:04.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25250",
"datePublished": "2021-04-13T12:35:04.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25249 (GCVE-0-2021-25249)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Write Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1, Services (SaaS)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Write Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:52.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Write Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25249",
"datePublished": "2021-02-04T19:36:52.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25248 (GCVE-0-2021-25248)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Read Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1, Services (SaaS)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:51.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25248",
"datePublished": "2021-02-04T19:36:51.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25246 (GCVE-0-2021-25246)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:50.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25246",
"datePublished": "2021-02-04T19:36:50.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25243 (GCVE-0-2021-25243)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:48.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25243",
"datePublished": "2021-02-04T19:36:48.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25242 (GCVE-0-2021-25242)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25242",
"datePublished": "2021-02-04T19:36:47.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25240 (GCVE-0-2021-25240)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25240",
"datePublished": "2021-02-04T19:36:46.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25238 (GCVE-0-2021-25238)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25238",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25239 (GCVE-0-2021-25239)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:45.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25239",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32465 (GCVE-0-2021-32465)
Vulnerability from nvd – Published: 2021-08-04 18:29 – Updated: 2024-08-03 23:17
VLAI
Summary
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Incorrect Permission Preservation Authentication Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Preservation Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:29:37.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-32465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Preservation Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-911/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-32465",
"datePublished": "2021-08-04T18:29:37.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36742 (GCVE-0-2021-36742)
Vulnerability from nvd – Published: 2021-07-29 19:23 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Summary
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Local Privilege Escalation
- CWE-20 - Improper Input Validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000287820 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287815 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36742",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:39:21.806477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:39.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36742"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-36742 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:14.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36742",
"datePublished": "2021-07-29T19:23:14.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:39.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36741 (GCVE-0-2021-36741)
Vulnerability from nvd – Published: 2021-07-29 19:23 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Summary
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary File Upload
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000287819 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000287820 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287796 | x_refsource_MISC |
| https://success.trendmicro.com/jp/solution/000287815 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:01:59.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36741",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:40:34.627421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36741"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:39.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36741"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-36741 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-29T19:23:13.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-36741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000287819",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287819"
},
{
"name": "https://success.trendmicro.com/solution/000287820",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000287820"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287796",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287796"
},
{
"name": "https://success.trendmicro.com/jp/solution/000287815",
"refsource": "MISC",
"url": "https://success.trendmicro.com/jp/solution/000287815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-36741",
"datePublished": "2021-07-29T19:23:13.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:39.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28646 (GCVE-0-2021-28646)
Vulnerability from nvd – Published: 2021-04-13 12:54 – Updated: 2024-08-03 21:47
VLAI
Summary
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
Severity
No CVSS data available.
CWE
- Insecure File Permissions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure File Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:54:59.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-28646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure File Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-28646",
"datePublished": "2021-04-13T12:54:59.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:47:33.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28645 (GCVE-0-2021-28645)
Vulnerability from nvd – Published: 2021-04-13 12:54 – Updated: 2024-08-03 21:47
VLAI
Summary
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Incorrect Permission Assignment
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:54:38.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-28645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Permission Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-28645",
"datePublished": "2021-04-13T12:54:38.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:47:33.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25253 (GCVE-0-2021-25253)
Vulnerability from nvd – Published: 2021-04-13 12:53 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:53:59.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-401/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25253",
"datePublished": "2021-04-13T12:53:59.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25250 (GCVE-0-2021-25250)
Vulnerability from nvd – Published: 2021-04-13 12:35 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000286019 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000286157 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T12:35:04.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000286019",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286019"
},
{
"name": "https://success.trendmicro.com/solution/000286157",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-400/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25250",
"datePublished": "2021-04-13T12:35:04.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25249 (GCVE-0-2021-25249)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Write Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1, Services (SaaS)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Write Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:52.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Write Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25249",
"datePublished": "2021-02-04T19:36:52.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25248 (GCVE-0-2021-25248)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Read Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1, Services (SaaS)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:51.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25248",
"datePublished": "2021-02-04T19:36:51.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25246 (GCVE-0-2021-25246)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:50.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25246",
"datePublished": "2021-02-04T19:36:50.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25243 (GCVE-0-2021-25243)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:48.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25243",
"datePublished": "2021-02-04T19:36:48.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25242 (GCVE-0-2021-25242)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25242",
"datePublished": "2021-02-04T19:36:47.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25240 (GCVE-0-2021-25240)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25240",
"datePublished": "2021-02-04T19:36:46.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25238 (GCVE-0-2021-25238)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25238",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25239 (GCVE-0-2021-25239)
Vulnerability from nvd – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:45.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25239",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}