CVE-2021-36742

HIGH7.8

CISA KEV

Description

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Trend Micro / Trend Micro Apex One2019, SaaS – 2019, SaaS
Trend Micro / Trend Micro OfficeScanXG SP1 – XG SP1
Trend Micro / Trend Micro Worry-Free Business Security10.0 SP1 – 10.0 SP1

References

MISChttps://success.trendmicro.com/solution/000287819
MISChttps://success.trendmicro.com/solution/000287820
MISChttps://success.trendmicro.com/jp/solution/000287796
MISChttps://success.trendmicro.com/jp/solution/000287815