CVE-2021-32465 – Trend Micro Apex One Incorrect Permission Preservation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-32465
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de conservación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y OfficeScan XG SP1, podría permitir a un usuario remoto llevar a cabo un ataque y omitir la autenticación en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Apex One. Authentication as a low-privileged Windows domain user is required to exploit this vulnerability. The specific flaw exists within the product patching functionality. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/solution/000287819 https://www.zerodayinitiative.com/advisories/ZDI-21-911 • CWE-281: Improper Preservation of Permissions •
CVE-2021-36742 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36742
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Security versión 10.0 SP1, permite a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/jp/solution/000287815 https://success.trendmicro.com/solution/000287819 https://success.trendmicro.com/solution/000287820 • CWE-20: Improper Input Validation •
CVE-2021-36741 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36741
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Security versión 10.0 SP1, permite a un adjunto remoto cargar archivos arbitrarios en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de iniciar sesión en la consola de administración del producto para poder explotar esta vulnerabilidad Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/jp/solution/000287815 https://success.trendmicro.com/solution/000287819 https://success.trendmicro.com/solution/000287820 • CWE-20: Improper Input Validation •
CVE-2021-32463 – Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-32463
An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de denegación de servicio por asignación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security versión 10.0 SP1 y Worry-Free Services, podría permitir a un atacante local escalar privilegios y eliminar archivos con privilegios del sistema en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Security Agent. • https://success.trendmicro.com/solution/000286855 https://success.trendmicro.com/solution/000286856 https://www.zerodayinitiative.com/advisories/ZDI-21-786 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-28646
https://notcve.org/view.php?id=CVE-2021-28646
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. Una vulnerabilidad de permisos de archivo no segura en Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1, podría permitir a un atacante local tomar el control de un archivo de registro específico en las instalaciones afectadas • https://success.trendmicro.com/solution/000286019 https://success.trendmicro.com/solution/000286157 • CWE-732: Incorrect Permission Assignment for Critical Resource •