CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25243 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25243
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información a nivel de parche This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-116 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25240 – Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25240
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información de las revisiones de agentes x86 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-113 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25231 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25231
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (on premises y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información sobre un archivo del histórico de revisiones específico This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284205 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-106 •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2021-25241 – Trend Micro Apex One Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25241
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. Una vulnerabilidad de divulgación de información de tipo server-side request forgery (SSRF) en Trend Micro Apex One y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado localizar agentes en línea mediante un barrido This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue results from improper access control. An attacker can leverage this vulnerability to disclose information from the application. • https://success.trendmicro.com/solution/000284202 https://success.trendmicro.com/solution/000284206 https://www.zerodayinitiative.com/advisories/ZDI-21-114 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-24558 – Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-24558
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad en una dll de Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 y Worry-Free Business Security Services dll, puede permitir a un atacante manipularla para causar una lectura fuera de límites que bloquee varios procesos en el producto. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within OfcPIPC_64x.dll. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1095 • CWE-125: Out-of-bounds Read •