CVE-2021-42105 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42105
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.

• https://success.trendmicro.com/solution/000289229
• https://success.trendmicro.com/solution/000289230
• https://www.zerodayinitiative.com/advisories/ZDI-21-1215
• CWE-269: Improper Privilege Management
CVE-2021-42103 – Trend Micro Apex One Uncontrolled Search Path Element Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42103
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42101.

• https://success.trendmicro.com/solution/000289229
• https://www.zerodayinitiative.com/advisories/ZDI-21-1213
• CWE-427: Uncontrolled Search Path Element
CVE-2021-3848
https://notcve.org/view.php?id=CVE-2021-3848
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

• https://success.trendmicro.com/solution/000289183
CVE-2021-32465 – Trend Micro Apex One Incorrect Permission Preservation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-32465
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Apex One. Authentication as a low-privileged Windows domain user is required to exploit this vulnerability. The specific flaw exists within the product patching functionality.

• https://success.trendmicro.com/jp/solution/000287796
• https://success.trendmicro.com/solution/000287819
• https://www.zerodayinitiative.com/advisories/ZDI-21-911
• CWE-281: Improper Preservation of Permissions
CVE-2021-32464 – Trend Micro Worry-Free Business Security Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32464
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Worry-Free Business Services Agent.

• https://success.trendmicro.com/jp/solution/000287796
• https://success.trendmicro.com/solution/000286857
• https://success.trendmicro.com/solution/000287819
• https://www.zerodayinitiative.com/advisories/ZDI-21-910
• CWE-276: Incorrect Default Permissions