All the vulnerabilites related to Trend Micro - Trend Micro Worry-Free Business Security
cve-2021-45440
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
Summary
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289996"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T15:51:06",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289996"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-45440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289996",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-45440",
    "datePublished": "2022-01-08T15:51:06",
    "dateReserved": "2021-12-20T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-23139
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-03 18:58
Severity ?
Summary
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Null Pointer",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:02",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-23139",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Null Pointer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-23139",
    "datePublished": "2021-10-21T07:46:02",
    "dateReserved": "2021-10-01T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25234
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:42",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-109/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25234",
    "datePublished": "2021-02-04T19:36:42",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25245
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:49",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25245",
    "datePublished": "2021-02-04T19:36:49",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8607
Vulnerability from cvelistv5
Published
2020-08-05 14:05
Modified
2024-08-04 10:03
Severity ?
Summary
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000260713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000260748"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU99160193/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019 (On premise), SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "12.x, 11.x. 10.x"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        },
        {
          "product": "Trend Micro Security (Consumer Family)",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2020 (v16), 2019 (v15)"
            }
          ]
        },
        {
          "product": "Trend Micro Safe Lock",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2.0 SP1, TXOne Ed"
            }
          ]
        },
        {
          "product": "Trend Micro ServerProtect",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"
            }
          ]
        },
        {
          "product": "Trend Micro Portable Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "3.x, 2.x"
            }
          ]
        },
        {
          "product": "Trend Micro HouseCall",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "8.0"
            }
          ]
        },
        {
          "product": "Trend Micro Anti-Threat Toolkit (ATTK)",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "1.62.1240 and below"
            }
          ]
        },
        {
          "product": "Trend Micro Rootkit Buster",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-05T14:05:22",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000260713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000260748"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU99160193/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-8607",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 (On premise), SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Deep Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.x, 11.x. 10.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Security (Consumer Family)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020 (v16), 2019 (v15)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Safe Lock",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0 SP1, TXOne Ed"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro ServerProtect",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Portable Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.x, 2.x"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro HouseCall",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Anti-Threat Toolkit (ATTK)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.62.1240 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Rootkit Buster",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000260713",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000260713"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000260748",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000260748"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU99160193/",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU99160193/"
            },
            {
              "name": "https://jvn.jp/en/vu/JVNVU99160193/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/vu/JVNVU99160193/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-8607",
    "datePublished": "2020-08-05T14:05:23",
    "dateReserved": "2020-02-04T00:00:00",
    "dateUpdated": "2024-08-04T10:03:46.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44021
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-03T10:50:11",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-44021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-44021",
    "datePublished": "2021-12-03T10:50:11",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24679
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
Summary
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290464"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290486"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:51",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290464"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290486"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-24679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290464",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "name": "https://success.trendmicro.com/solution/000290486",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-24679",
    "datePublished": "2022-02-24T02:45:51",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-03T04:20:50.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25242
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:47",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25242",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25242",
    "datePublished": "2021-02-04T19:36:47",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45231
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
Summary
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289996"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T15:51:05",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289996"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-45231",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289996",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-45231",
    "datePublished": "2022-01-08T15:51:05",
    "dateReserved": "2021-12-17T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44019
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-03T10:50:10",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-44019",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-44019",
    "datePublished": "2021-12-03T10:50:10",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-36742
Vulnerability from cvelistv5
Published
2021-07-29 19:23
Modified
2024-08-04 01:01
Severity ?
Summary
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:01:59.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000287819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000287820"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000287796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000287815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T19:23:14",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000287819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000287820"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000287796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000287815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-36742",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000287819",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000287819"
            },
            {
              "name": "https://success.trendmicro.com/solution/000287820",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000287820"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287796",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000287796"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287815",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000287815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-36742",
    "datePublished": "2021-07-29T19:23:14",
    "dateReserved": "2021-07-14T00:00:00",
    "dateUpdated": "2024-08-04T01:01:59.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24557
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:19
Severity ?
Summary
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:07.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000263632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000267260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2009 (on premise), SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security ",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T21:21:21",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000263632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000267260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-24557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009 (on premise), SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000263632",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000263632"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
            },
            {
              "name": "https://success.trendmicro.com/solution/000267260",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000267260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-24557",
    "datePublished": "2020-09-01T18:55:27",
    "dateReserved": "2020-08-20T00:00:00",
    "dateUpdated": "2024-08-04T15:19:07.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25249
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-Bounds Write Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:52",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-Bounds Write Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-119/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25249",
    "datePublished": "2021-02-04T19:36:52",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24678
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
Summary
An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290464"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290486"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Resource Exhaustion Denial-of-Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:49",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290464"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290486"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-24678",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Resource Exhaustion Denial-of-Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290464",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "name": "https://success.trendmicro.com/solution/000290486",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-24678",
    "datePublished": "2022-02-24T02:45:49",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-03T04:20:49.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32463
Vulnerability from cvelistv5
Published
2021-07-20 11:09
Modified
2024-08-03 23:17
Severity ?
Summary
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:29.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000286855"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000286856"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect Permission Assignment Denial-of-Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T11:09:57",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000286855"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000286856"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-32463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Permission Assignment Denial-of-Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000286855",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000286855"
            },
            {
              "name": "https://success.trendmicro.com/solution/000286856",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000286856"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-786/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-32463",
    "datePublished": "2021-07-20T11:09:57",
    "dateReserved": "2021-05-07T00:00:00",
    "dateUpdated": "2024-08-03T23:17:29.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25240
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:46",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25240",
    "datePublished": "2021-02-04T19:36:46",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36336
Vulnerability from cvelistv5
Published
2022-07-29 23:15
Modified
2024-08-03 10:00
Severity ?
Summary
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000291267"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019 and SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1 and SaaS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following LPE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-29T23:15:34",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000291267"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-36336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019 and SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1 and SaaS"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following LPE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000291267",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000291267"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-36336",
    "datePublished": "2022-07-29T23:15:34",
    "dateReserved": "2022-07-20T00:00:00",
    "dateUpdated": "2024-08-03T10:00:04.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-36741
Vulnerability from cvelistv5
Published
2021-07-29 19:23
Modified
2024-08-04 01:01
Severity ?
Summary
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:01:59.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000287819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000287820"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000287796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000287815"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Upload",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T19:23:13",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000287819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000287820"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000287796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000287815"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-36741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product\ufffds management console in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Upload"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000287819",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000287819"
            },
            {
              "name": "https://success.trendmicro.com/solution/000287820",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000287820"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287796",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000287796"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287815",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000287815"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-36741",
    "datePublished": "2021-07-29T19:23:13",
    "dateReserved": "2021-07-14T00:00:00",
    "dateUpdated": "2024-08-04T01:01:59.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24558
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:19
Severity ?
Summary
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:07.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000263632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000267260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2009 (on premise), SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T21:21:21",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000263632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000267260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-24558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009 (on premise), SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000263632",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000263632"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
            },
            {
              "name": "https://success.trendmicro.com/solution/000267260",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000267260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-24558",
    "datePublished": "2020-09-01T18:55:27",
    "dateReserved": "2020-08-20T00:00:00",
    "dateUpdated": "2024-08-04T15:19:07.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24556
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:12
Severity ?
Summary
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:12:09.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000263632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000263633"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000267260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2009 (on premise), SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T21:21:21",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000263632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000263633"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000267260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-24556",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009 (on premise), SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000263632",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000263632"
            },
            {
              "name": "https://success.trendmicro.com/solution/000263633",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000263633"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
            },
            {
              "name": "https://success.trendmicro.com/solution/000267260",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000267260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-24556",
    "datePublished": "2020-09-01T18:55:26",
    "dateReserved": "2020-08-20T00:00:00",
    "dateUpdated": "2024-08-04T15:12:09.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25246
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:50",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25246",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25246",
    "datePublished": "2021-02-04T19:36:50",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32464
Vulnerability from cvelistv5
Published
2021-08-04 18:29
Modified
2024-08-03 23:17
Severity ?
Summary
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:29.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000287819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/jp/solution/000287796"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000286857"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect Permission Assignment Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-04T18:29:36",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000287819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/jp/solution/000287796"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000286857"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-32464",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Permission Assignment Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000287819",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000287819"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287796",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/jp/solution/000287796"
            },
            {
              "name": "https://success.trendmicro.com/solution/000286857",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000286857"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-32464",
    "datePublished": "2021-08-04T18:29:36",
    "dateReserved": "2021-05-07T00:00:00",
    "dateUpdated": "2024-08-03T23:17:29.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25248
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-Bounds Read Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:51",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-Bounds Read Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25248",
    "datePublished": "2021-02-04T19:36:51",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25243
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:48",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25243",
    "datePublished": "2021-02-04T19:36:48",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24559
Vulnerability from cvelistv5
Published
2020-09-01 18:55
Modified
2024-08-04 15:19
Severity ?
Summary
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:07.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000263632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000267260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2009 (on premise), SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hard Link Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T21:21:21",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000263632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000267260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-24559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2009 (on premise), SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Hard Link Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000263632",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000263632"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
            },
            {
              "name": "https://success.trendmicro.com/solution/000267260",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000267260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-24559",
    "datePublished": "2020-09-01T18:55:27",
    "dateReserved": "2020-08-20T00:00:00",
    "dateUpdated": "2024-08-04T15:19:07.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44024
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:10
Severity ?
Summary
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289996"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following Denial-of-Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T15:51:04",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289996"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-44024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following Denial-of-Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289996",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-44024",
    "datePublished": "2022-01-08T15:51:04",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42107
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:10",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42107",
    "datePublished": "2021-10-21T07:46:10",
    "dateReserved": "2021-10-08T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25238
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:44",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25238",
    "datePublished": "2021-02-04T19:36:45",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44020
Vulnerability from cvelistv5
Published
2021-12-03 10:50
Modified
2024-08-04 04:10
Severity ?
Summary
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-03T10:50:11",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-44020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-44020",
    "datePublished": "2021-12-03T10:50:11",
    "dateReserved": "2021-11-18T00:00:00",
    "dateUpdated": "2024-08-04T04:10:17.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25236
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.077Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:43",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25236",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-120/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25236",
    "datePublished": "2021-02-04T19:36:43",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.077Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42108
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:11",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42108",
    "datePublished": "2021-10-21T07:46:11",
    "dateReserved": "2021-10-08T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25233
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:41",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-108/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25233",
    "datePublished": "2021-02-04T19:36:41",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42012
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stack-based Buffer Overflow Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:03",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack-based Buffer Overflow Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42012",
    "datePublished": "2021-10-21T07:46:03",
    "dateReserved": "2021-10-05T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25228
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:38",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-103/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25228",
    "datePublished": "2021-02-04T19:36:38",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25231
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:40",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25231",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-106/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25231",
    "datePublished": "2021-02-04T19:36:40",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25244
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:49",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25244",
    "datePublished": "2021-02-04T19:36:49",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42104
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:07",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42104",
    "datePublished": "2021-10-21T07:46:07",
    "dateReserved": "2021-10-08T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28574
Vulnerability from cvelistv5
Published
2020-11-18 18:45
Modified
2024-08-04 16:40
Severity ?
Summary
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000281948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2020-62"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product\u0027s management console."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated Path Traversal Arbitrary Remote File Deletion",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-18T18:45:39",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000281948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2020-62"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-28574",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product\u0027s management console."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated Path Traversal Arbitrary Remote File Deletion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000281948",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000281948"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2020-62",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2020-62"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-28574",
    "datePublished": "2020-11-18T18:45:39",
    "dateReserved": "2020-11-12T00:00:00",
    "dateUpdated": "2024-08-04T16:40:59.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45442
Vulnerability from cvelistv5
Published
2022-01-08 15:51
Modified
2024-08-04 04:39
Severity ?
Summary
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289996"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following Denial-of-Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-08T15:51:08",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289996"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-45442",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following Denial-of-Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289996",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-45442",
    "datePublished": "2022-01-08T15:51:08",
    "dateReserved": "2021-12-20T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25239
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            }
          ]
        },
        {
          "product": "Trend Micro OfficeScan",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "XG SP1"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:45",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro OfficeScan",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "XG SP1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284205",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284205"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25239",
    "datePublished": "2021-02-04T19:36:45",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42106
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:09",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42106",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42106",
    "datePublished": "2021-10-21T07:46:09",
    "dateReserved": "2021-10-08T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25241
Vulnerability from cvelistv5
Published
2021-02-04 19:36
Modified
2024-08-03 19:56
Severity ?
Summary
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000284206"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SSRF Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T19:36:47",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000284206"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-25241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SSRF Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000284202",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284202"
            },
            {
              "name": "https://success.trendmicro.com/solution/000284206",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000284206"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-25241",
    "datePublished": "2021-02-04T19:36:47",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-08-03T19:56:11.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3848
Vulnerability from cvelistv5
Published
2021-10-06 09:50
Modified
2024-08-03 17:09
Severity ?
Summary
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289183"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary File Creation by Privliege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T09:50:57",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289183"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-3848",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary File Creation by Privliege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289183",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289183"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-3848",
    "datePublished": "2021-10-06T09:50:57",
    "dateReserved": "2021-10-01T00:00:00",
    "dateUpdated": "2024-08-03T17:09:09.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42105
Vulnerability from cvelistv5
Published
2021-10-21 07:46
Modified
2024-08-04 03:22
Severity ?
Summary
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289229"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000289230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unnecessary Privileges Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-21T07:46:08",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289229"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000289230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-42105",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unnecessary Privileges Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000289229",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "name": "https://success.trendmicro.com/solution/000289230",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2021-42105",
    "datePublished": "2021-10-21T07:46:08",
    "dateReserved": "2021-10-08T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24680
Vulnerability from cvelistv5
Published
2022-02-24 02:45
Modified
2024-08-03 04:20
Severity ?
Summary
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290464"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290486"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Apex One",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2019, SaaS"
            }
          ]
        },
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1, Services (SaaS)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following Local Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T02:45:52",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290464"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290486"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-24680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Apex One",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019, SaaS"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1, Services (SaaS)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following Local Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290464",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "name": "https://success.trendmicro.com/solution/000290486",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-24680",
    "datePublished": "2022-02-24T02:45:52",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-03T04:20:49.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23805
Vulnerability from cvelistv5
Published
2022-02-04 22:32
Modified
2024-08-03 03:51
Severity ?
Summary
A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290416"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Worry-Free Business Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "10.0 SP1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-Of-Bounds Read Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-04T22:32:58",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290416"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-23805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Worry-Free Business Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.0 SP1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-Of-Bounds Read Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290416",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290416"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-23805",
    "datePublished": "2022-02-04T22:32:58",
    "dateReserved": "2022-01-20T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}