CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25248 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25248
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security (versión 10.0 SP1 y Servicios), podría permitir a un atacante divulgar información confidencial sobre una tubería nombrada. Tome en cuenta: un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within TmCCSF.exe. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-118 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25249 – Trend Micro Apex One TmCCSF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25249
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información de escritura fuera de límites en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security (versión 10.0 SP1 y servicios) podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within TmCCSF.exe. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-119 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25242 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25242
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información de la versión y compilación This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-115 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25246 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25246
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries. Una vulnerabilidad de divulgación de información del control de acceso inapropiado en Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1 y Worry-Free Business Security, podría permitir que un usuario no autenticado cree un agente falso en un servidor afectado que podría ser usado luego para hacer consultas de configuración válidas This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-117 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25239 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25239
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información sobre las revisiones de agentes x86 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-112 •