{
  "GSD": {
    "alias": "CVE-2021-32464",
    "description": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
    "id": "GSD-2021-32464"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32464"
      ],
      "details": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
      "id": "GSD-2021-32464",
      "modified": "2023-12-13T01:23:09.065208Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2021-32464",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Apex One",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2019, SaaS"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Trend Micro Worry-Free Business Security",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Services (SaaS)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Incorrect Permission Assignment Privilege Escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000287819",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000287819"
          },
          {
            "name": "https://success.trendmicro.com/jp/solution/000287796",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/jp/solution/000287796"
          },
          {
            "name": "https://success.trendmicro.com/solution/000286857",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000286857"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-32464"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
            },
            {
              "name": "https://success.trendmicro.com/jp/solution/000287796",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/jp/solution/000287796"
            },
            {
              "name": "https://success.trendmicro.com/solution/000287819",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000287819"
            },
            {
              "name": "https://success.trendmicro.com/solution/000286857",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000286857"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-08-12T13:19Z",
      "publishedDate": "2021-08-04T19:15Z"
    }
  }
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eApex One (sur site) versions ant\u00e9rieures \u00e0 CP 9601\u003c/li\u003e \u003cli\u003eApex One\u00a0\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eas a Service (SaaS) sans le correctif de juillet 2021\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security versions 10.x ant\u00e9rieures \u00e0 10.0 SP1 Patch 2329\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security Services versions 6.7.x ant\u00e9rieures \u00e0\u00a06.7.1538\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security Services versions ant\u00e9rieures \u00e0\u00a014.2.1295\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eTrend Micro d\u00e9clare avoir constat\u00e9 au moins une tentative d\u0027exploitation en cha\u00eene des vuln\u00e9rabilit\u00e9s\u00a0\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eCVE-2021-36741 et\u00a0CVE-2021-36742.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-36741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36741"
    },
    {
      "name": "CVE-2021-36742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36742"
    },
    {
      "name": "CVE-2021-32464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32464"
    },
    {
      "name": "CVE-2021-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32465"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-582",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000286857 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000286857"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000287820 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000287820"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000287819 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000287819"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eApex One (sur site) versions ant\u00e9rieures \u00e0 CP 9601\u003c/li\u003e \u003cli\u003eApex One\u00a0\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eas a Service (SaaS) sans le correctif de juillet 2021\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security versions 10.x ant\u00e9rieures \u00e0 10.0 SP1 Patch 2329\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security Services versions 6.7.x ant\u00e9rieures \u00e0\u00a06.7.1538\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003cli\u003e\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eWorry-Free Business Security Services versions ant\u00e9rieures \u00e0\u00a014.2.1295\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eTrend Micro d\u00e9clare avoir constat\u00e9 au moins une tentative d\u0027exploitation en cha\u00eene des vuln\u00e9rabilit\u00e9s\u00a0\u003cspan id=\"j_id0:j_id51\"\u003e\u003cspan id=\"j_id0:j_id78\"\u003eCVE-2021-36741 et\u00a0CVE-2021-36742.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-36741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36741"
    },
    {
      "name": "CVE-2021-36742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36742"
    },
    {
      "name": "CVE-2021-32464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32464"
    },
    {
      "name": "CVE-2021-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32465"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-582",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000286857 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000286857"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000287820 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000287820"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000287819 du 28 juillet 2021",
      "url": "https://success.trendmicro.com/solution/000287819"
    }
  ]
}

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
  "dc:date": "2021-08-04T11:15+09:00",
  "dcterms:issued": "2021-08-04T11:15+09:00",
  "dcterms:modified": "2021-08-04T11:15+09:00",
  "description": "Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464\r\n* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465\r\n* Improper Input Validation (CWE-20) - CVE-2021-36741\r\n* Improper Input Validation (CWE-20) - CVE-2021-36742\r\n\r\nTrend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:apex_one",
      "@product": "Apex One",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security",
      "@product": "Worry-Free Business Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security_services",
      "@product": "Worry-Free Business Security Services",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "7.2",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-002077",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93876919/index.html",
      "@id": "JVNVU#93876919",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464",
      "@id": "CVE-2021-32464",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465",
      "@id": "CVE-2021-32465",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741",
      "@id": "CVE-2021-36741",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742",
      "@id": "CVE-2021-36742",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32464",
      "@id": "CVE-2021-32464",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32465",
      "@id": "CVE-2021-32465",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36742",
      "@id": "CVE-2021-36742",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36741",
      "@id": "CVE-2021-36741",
      "@source": "NVD"
    },
    {
      "#text": "https://www.jpcert.or.jp/at/2021/at210033.html",
      "@id": "JPCERT-AT-2021-0033",
      "@source": "JPCERT"
    },
    {
      "#text": "https://cisa.gov/known-exploited-vulnerabilities-catalog",
      "@id": "CVE-2021-36741, CVE-2021-36742",
      "@source": "CISA Known Exploited Vulnerabilities Catalog"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "http://cwe.mitre.org/data/definitions/281.html",
      "@id": "CWE-281",
      "@title": "Improper Preservation of Permissions(CWE-281)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/732.html",
      "@id": "CWE-732",
      "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de escalada de privilegios por asignaci\u00f3n de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y Worry-Free Business Security Services, podr\u00eda permitir a un atacante modificar un script espec\u00edfico antes de ejecutarlo. Nota: un atacante debe obtener primero la habilidad de ejecutar c\u00f3digo poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-32464",
  "lastModified": "2024-11-21T06:07:05.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-04T19:15:08.437",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/jp/solution/000287796"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000286857"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000287819"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/jp/solution/000287796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000286857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000287819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2021-32464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-04T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-jxx7-6p68-38fv",
  "modified": "2022-05-24T19:09:54Z",
  "published": "2022-05-24T19:09:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32464"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/jp/solution/000287796"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000286857"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000287819"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}