Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trendmicro | First view | 2019-10-28 |
| Product | Apex One | Last view | 2021-10-21 |
| Version | 2019 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:trendmicro:apex_one | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2021-10-21 | CVE-2021-42108 | Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-10-21 | CVE-2021-42107 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106. |
| 7.8 | 2021-10-21 | CVE-2021-42106 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107. |
| 7.8 | 2021-10-21 | CVE-2021-42105 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107. |
| 7.8 | 2021-10-21 | CVE-2021-42104 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107. |
| 7.8 | 2021-10-21 | CVE-2021-42103 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42101. |
| 7.8 | 2021-10-21 | CVE-2021-42102 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-10-21 | CVE-2021-42101 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identical to CVE-2021-42103. |
| 7.8 | 2021-10-21 | CVE-2021-42012 | A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-10-21 | CVE-2021-42011 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.5 | 2021-10-21 | CVE-2021-23139 | A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. |
| 8.8 | 2021-08-04 | CVE-2021-32465 | An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-08-04 | CVE-2021-32464 | An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-07-20 | CVE-2021-32463 | An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 5.5 | 2021-04-13 | CVE-2021-28646 | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. |
| 7.8 | 2021-04-13 | CVE-2021-28645 | An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-04-13 | CVE-2021-25253 | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-04-13 | CVE-2021-25250 | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 7.8 | 2021-02-04 | CVE-2021-25249 | An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 5.5 | 2021-02-04 | CVE-2021-25248 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| 6.5 | 2021-02-04 | CVE-2021-25246 | An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries. |
| 5.3 | 2021-02-04 | CVE-2021-25243 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. |
| 5.3 | 2021-02-04 | CVE-2021-25242 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. |
| 5.3 | 2021-02-04 | CVE-2021-25241 | A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. |
| 5.3 | 2021-02-04 | CVE-2021-25240 | An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (11) | CWE-200 | Information Exposure |
| 16% (8) | CWE-125 | Out-of-bounds Read |
| 14% (7) | CWE-269 | Improper Privilege Management |
| 6% (3) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 6% (3) | CWE-427 | Uncontrolled Search Path Element |
| 4% (2) | CWE-787 | Out-of-bounds Write |
| 4% (2) | CWE-276 | Incorrect Default Permissions |
| 4% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 2% (1) | CWE-494 | Download of Code Without Integrity Check |
| 2% (1) | CWE-476 | NULL Pointer Dereference |
| 2% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 2% (1) | CWE-415 | Double Free |
| 2% (1) | CWE-306 | Missing Authentication for Critical Function |
| 2% (1) | CWE-287 | Improper Authentication |
| 2% (1) | CWE-281 | Improper Preservation of Permissions |
| 2% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 2% (1) | CWE-20 | Improper Input Validation |
