CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32464 – Trend Micro Worry-Free Business Security Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32464
30 Jul 2021 — An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios por asignación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service ... • https://success.trendmicro.com/jp/solution/000287796 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2021-32465 – Trend Micro Apex One Incorrect Permission Preservation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-32465
30 Jul 2021 — An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de conservación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y OfficeScan XG SP1, podría permitir a u... • https://success.trendmicro.com/jp/solution/000287796 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-36742 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36742
29 Jul 2021 — A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Sec... • https://success.trendmicro.com/jp/solution/000287796 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36741 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36741
29 Jul 2021 — An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada inapropiada en Trend Micro Apex One, Apex One as a Service, OfficeScan XG y Worry-Free Business Secu... • https://success.trendmicro.com/jp/solution/000287796 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-28646
https://notcve.org/view.php?id=CVE-2021-28646
13 Apr 2021 — An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. Una vulnerabilidad de permisos de archivo no segura en Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1, podría permitir a un atacante local tomar el control de un archivo de registro específico en las instalaciones afectadas • https://success.trendmicro.com/solution/000286019 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-28645 – Trend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-28645
12 Apr 2021 — An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de asignación de permisos incorrecta en Trend Micro Apex One, Apex One as a Service y OfficeScan XG SP1, podría permitir a un atacante local escalar ... • https://success.trendmicro.com/solution/000286019 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25250 – Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25250
12 Apr 2021 — An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One, Trend Micro Apex One as a Service y OfficeScan XG SP1, en un archiv... • https://success.trendmicro.com/solution/000286019 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 1CVE-2021-25253 – Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25253
12 Apr 2021 — An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One, Trend Micro Apex One as a Service y OfficeScan XG SP1... • https://github.com/msd0pe-1/CVE-2021-25253 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25228 – Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25228
29 Jan 2021 — An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. Una vulnerabilidad de control de acceso inapropiado en Trend Micro Apex One (local y SaaS), OfficeScan XG SP1 y Worry-Free Business Security versión 10.0 SP1, podría permitir a un usuario no autenticado obtener información sobre el historial de revisiones This vulnerability allows remo... • https://success.trendmicro.com/solution/000284202 •