CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32464 – Trend Micro Worry-Free Business Security Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32464
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios por asignación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y Worry-Free Business Security Services, podría permitir a un atacante modificar un script específico antes de ejecutarlo. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Worry-Free Business Services Agent. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/solution/000286857 https://success.trendmicro.com/solution/000287819 https://www.zerodayinitiative.com/advisories/ZDI-21-910 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2021-32465 – Trend Micro Apex One Incorrect Permission Preservation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-32465
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de conservación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y OfficeScan XG SP1, podría permitir a un usuario remoto llevar a cabo un ataque y omitir la autenticación en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Apex One. Authentication as a low-privileged Windows domain user is required to exploit this vulnerability. The specific flaw exists within the product patching functionality. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/solution/000287819 https://www.zerodayinitiative.com/advisories/ZDI-21-911 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36742 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36742
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Security versión 10.0 SP1, permite a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/jp/solution/000287815 https://success.trendmicro.com/solution/000287819 https://success.trendmicro.com/solution/000287820 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 14%CPEs: 5EXPL: 0CVE-2021-36741 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36741
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Security versión 10.0 SP1, permite a un adjunto remoto cargar archivos arbitrarios en las instalaciones afectadas. Nota: un atacante debe obtener primero la habilidad de iniciar sesión en la consola de administración del producto para poder explotar esta vulnerabilidad Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. • https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/jp/solution/000287815 https://success.trendmicro.com/solution/000287819 https://success.trendmicro.com/solution/000287820 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-28646
https://notcve.org/view.php?id=CVE-2021-28646
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. Una vulnerabilidad de permisos de archivo no segura en Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1, podría permitir a un atacante local tomar el control de un archivo de registro específico en las instalaciones afectadas • https://success.trendmicro.com/solution/000286019 https://success.trendmicro.com/solution/000286157 • CWE-732: Incorrect Permission Assignment for Critical Resource •