CVE-2021-28645 – Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-28645
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de asignación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y OfficeScan XG SP1, podría permitir a un atacante local escalar los privilegios en las instalaciones afectadas. Nota: un atacante primero debe obtener la habilidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://success.trendmicro.com/solution/000286019 https://success.trendmicro.com/solution/000286157 https://www.zerodayinitiative.com/advisories/ZDI-21-402 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-25253 – Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25253
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One, Trend Micro Apex One as a Service y OfficeScan XG SP1, en un recurso usado por el servicio podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante primero debe obtener la habilidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://github.com/msd0pe-1/CVE-2021-25253 https://success.trendmicro.com/solution/000286019 https://success.trendmicro.com/solution/000286157 https://www.zerodayinitiative.com/advisories/ZDI-21-401 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-25250 – Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25250
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One, Trend Micro Apex One as a Service y OfficeScan XG SP1, en un archivo confidencial podría permitir a un atacante local escalar los privilegios en las instalaciones afectadas. Nota: un atacante primero debe obtener la habilidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://success.trendmicro.com/solution/000286019 https://success.trendmicro.com/solution/000286157 https://www.zerodayinitiative.com/advisories/ZDI-21-400 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente diseñado • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-25233 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25233
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información sobre un archivo de descarga de configuración específico This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-108 •