Search

Find a vulnerability

Search criteria

    92 vulnerabilities found for Trend Micro Worry-Free Business Security by Trend Micro

    CVE-2022-36336 (GCVE-0-2022-36336)

    Vulnerability from nvd – Published: 2022-07-29 23:15 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
    Severity
    No CVSS data available.
    CWE
    • Link Following LPE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000291267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 and SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1 and SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following LPE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T23:15:34.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000291267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-36336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 and SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1 and SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following LPE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000291267",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000291267"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-36336",
        "datePublished": "2022-07-29T23:15:34.000Z",
        "dateReserved": "2022-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24680 (GCVE-0-2022-24680)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:52.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24680",
        "datePublished": "2022-02-24T02:45:52.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24679 (GCVE-0-2022-24679)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:51.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24679",
        "datePublished": "2022-02-24T02:45:51.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:50.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24678 (GCVE-0-2022-24678)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
    Severity
    No CVSS data available.
    CWE
    • Resource Exhaustion Denial-of-Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Resource Exhaustion Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:49.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Resource Exhaustion Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24678",
        "datePublished": "2022-02-24T02:45:49.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23805 (GCVE-0-2022-23805)

    Vulnerability from nvd – Published: 2022-02-04 22:32 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Out-Of-Bounds Read Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-Of-Bounds Read Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:32:58.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-23805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-Of-Bounds Read Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290416",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290416"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-23805",
        "datePublished": "2022-02-04T22:32:58.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45442 (GCVE-0-2021-45442)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:08.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45442",
        "datePublished": "2022-01-08T15:51:08.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45440 (GCVE-0-2021-45440)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:06.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45440",
        "datePublished": "2022-01-08T15:51:06.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45231 (GCVE-0-2021-45231)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:05.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45231",
        "datePublished": "2022-01-08T15:51:05.000Z",
        "dateReserved": "2021-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44024 (GCVE-0-2021-44024)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:04.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44024",
        "datePublished": "2022-01-08T15:51:04.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44021 (GCVE-0-2021-44021)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44021",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44020 (GCVE-0-2021-44020)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44020",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44019 (GCVE-0-2021-44019)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:10.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44019",
        "datePublished": "2021-12-03T10:50:10.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42108 (GCVE-0-2021-42108)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1217/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42108",
        "datePublished": "2021-10-21T07:46:11.000Z",
        "dateReserved": "2021-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42107 (GCVE-0-2021-42107)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:10.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1214/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42107",
        "datePublished": "2021-10-21T07:46:10.000Z",
        "dateReserved": "2021-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42106 (GCVE-0-2021-42106)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.939Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:09.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42106",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1218/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42106",
        "datePublished": "2021-10-21T07:46:09.000Z",
        "dateReserved": "2021-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.939Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42105 (GCVE-0-2021-42105)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:08.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42106 and 42107."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1215/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42105",
        "datePublished": "2021-10-21T07:46:08.000Z",
        "dateReserved": "2021-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42104 (GCVE-0-2021-42104)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:07.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1216/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42104",
        "datePublished": "2021-10-21T07:46:07.000Z",
        "dateReserved": "2021-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42012 (GCVE-0-2021-42012)

    Vulnerability from nvd – Published: 2021-10-21 07:46 – Updated: 2024-08-04 03:22
    VLAI
    Summary
    A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Stack-based Buffer Overflow Privilege Escalation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:25.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289229"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-21T07:46:03.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289229"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-42012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289229",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289229"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1221/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-42012",
        "datePublished": "2021-10-21T07:46:03.000Z",
        "dateReserved": "2021-10-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:22:25.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36336 (GCVE-0-2022-36336)

    Vulnerability from cvelistv5 – Published: 2022-07-29 23:15 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
    Severity
    No CVSS data available.
    CWE
    • Link Following LPE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000291267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 and SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1 and SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following LPE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T23:15:34.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000291267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-36336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 and SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1 and SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following LPE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000291267",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000291267"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-36336",
        "datePublished": "2022-07-29T23:15:34.000Z",
        "dateReserved": "2022-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24680 (GCVE-0-2022-24680)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:52.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24680",
        "datePublished": "2022-02-24T02:45:52.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24679 (GCVE-0-2022-24679)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:51.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24679",
        "datePublished": "2022-02-24T02:45:51.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:50.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24678 (GCVE-0-2022-24678)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
    Severity
    No CVSS data available.
    CWE
    • Resource Exhaustion Denial-of-Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Resource Exhaustion Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:49.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Resource Exhaustion Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24678",
        "datePublished": "2022-02-24T02:45:49.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23805 (GCVE-0-2022-23805)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Out-Of-Bounds Read Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-Of-Bounds Read Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:32:58.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-23805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-Of-Bounds Read Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290416",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290416"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-23805",
        "datePublished": "2022-02-04T22:32:58.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45442 (GCVE-0-2021-45442)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:08.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45442",
        "datePublished": "2022-01-08T15:51:08.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45440 (GCVE-0-2021-45440)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:06.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45440",
        "datePublished": "2022-01-08T15:51:06.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45231 (GCVE-0-2021-45231)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:05.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45231",
        "datePublished": "2022-01-08T15:51:05.000Z",
        "dateReserved": "2021-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44024 (GCVE-0-2021-44024)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:04.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44024",
        "datePublished": "2022-01-08T15:51:04.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44021 (GCVE-0-2021-44021)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44021",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44020 (GCVE-0-2021-44020)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44020",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44019 (GCVE-0-2021-44019)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:10.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44019",
        "datePublished": "2021-12-03T10:50:10.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }