CVE-2021-23139
https://notcve.org/view.php?id=CVE-2021-23139
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Una vulnerabilidad de puntero null en Trend Micro Apex One y Worry-Free Business Security versión 10.0 SP1, podría permitir a un atacante bloquear el programa CGI en las instalaciones afectadas • https://success.trendmicro.com/solution/000289229 https://success.trendmicro.com/solution/000289230 • CWE-476: NULL Pointer Dereference •
CVE-2021-42104 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42104
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107. Unas vulnerabilidades de privilegios no necesarios en Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security versión 10.0 SP1 y Worry-Free Business Security Services podrían permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. • https://success.trendmicro.com/solution/000289229 https://success.trendmicro.com/solution/000289230 https://www.zerodayinitiative.com/advisories/ZDI-21-1216 • CWE-269: Improper Privilege Management •
CVE-2021-42012 – Trend Micro Worry-Free Business Security Stack-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42012
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en Trend Micro Apex One, Apex One as a Service y Worry-Free Business Security versión 10.0 SP1, podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Security Server Database Service. • https://success.trendmicro.com/solution/000289229 https://success.trendmicro.com/solution/000289230 https://www.zerodayinitiative.com/advisories/ZDI-21-1221 • CWE-787: Out-of-bounds Write •
CVE-2021-42106 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42106
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107. Unas vulnerabilidades de privilegios no necesarios en Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security versión 10.0 SP1 y Worry-Free Business Security Services podrían permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. • https://success.trendmicro.com/solution/000289229 https://success.trendmicro.com/solution/000289230 https://www.zerodayinitiative.com/advisories/ZDI-21-1218 • CWE-269: Improper Privilege Management •
CVE-2021-42107 – Trend Micro Apex One Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42107
Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106. Unas vulnerabilidades de privilegios no necesarios en Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security versión 10.0 SP1 y Worry-Free Business Security Services podrían permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. • https://success.trendmicro.com/solution/000289229 https://success.trendmicro.com/solution/000289230 https://www.zerodayinitiative.com/advisories/ZDI-21-1214 • CWE-269: Improper Privilege Management •