CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42108 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42108
19 Oct 2021 — Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Unas vulnerabilidades de privilegios no necesarios en la consola web de Trend Micro Apex One, Apex One as a Service y Worry-Free Business Se... • https://success.trendmicro.com/solution/000289229 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42104 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42104
19 Oct 2021 — Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107. Unas vulnerabilidades de privileg... • https://success.trendmicro.com/solution/000289229 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3848
https://notcve.org/view.php?id=CVE-2021-3848
06 Oct 2021 — An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad ... • https://success.trendmicro.com/solution/000289183 •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-36742 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36742
29 Jul 2021 — A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Sec... • https://success.trendmicro.com/jp/solution/000287796 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36741 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36741
29 Jul 2021 — An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Secu... • https://success.trendmicro.com/jp/solution/000287796 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32463 – Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-32463
13 Jul 2021 — An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de denegación de servicio por asignación d... • https://success.trendmicro.com/solution/000286855 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25241 – Trend Micro Apex One Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25241
29 Jan 2021 — A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. Una vulnerabilidad de divulgación de información de tipo server-side request forgery (SSRF) en Trend Micro Apex One y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado localizar agentes en línea mediante un barrido This vulnerability allows remote attackers ... • https://success.trendmicro.com/solution/000284202 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25239 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25239
29 Jan 2021 — An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información sobre las revisiones de agentes x86 This vulnerability allows remote ... • https://success.trendmicro.com/solution/000284202 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25242 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25242
29 Jan 2021 — An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información de la versión y compilación This vulnerability allows remote... • https://success.trendmicro.com/solution/000284202 •