Search

Find a vulnerability

Search criteria

    116 vulnerabilities found for worry-free_business_security by trendmicro

    CVE-2025-49154 (GCVE-0-2025-49154)

    Vulnerability from nvd – Published: 2025-06-17 18:42 – Updated: 2025-06-17 20:25
    VLAI
    Summary
    An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.14002 (semver)
        cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One as a Service Affected: SaaS , < 14.0.14492 (semver)
        cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Worry-Free Business Security Affected: 10.0 SP1 , < 2514 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:23:50.312099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:25:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.14002",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One as a Service",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.14492",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "2514",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T18:42:10.085Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
            },
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2025-49154",
        "datePublished": "2025-06-17T18:42:10.085Z",
        "dateReserved": "2025-06-02T17:43:08.723Z",
        "dateUpdated": "2025-06-17T20:25:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41179 (GCVE-0-2023-41179)

    Vulnerability from nvd – Published: 2023-09-19 13:44 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.12380 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One Affected: SaaS , < 14.0.12637 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Worry-Free Business Security Affected: 10.0 SP1 , < 10.0 SP1 Build 2495 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Worry-Free Business Security Services Affected: SaaS , < 6.7.3578 / 14.3.1105 (semver)
    Create a notification for this product.
    trendmicro apex_one Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    trendmicro worry-free_business_security Affected: 10.0
        cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
    Create a notification for this product.
    trendmicro worry-free_business_security_services Affected: 0 , < * (custom)
        cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*
    Create a notification for this product.
    trendmicro apex_one Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:54:05.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000294994"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000294706"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90967486/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security_services",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41179",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T14:33:08.513391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:37.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-21T00:00:00.000Z",
                "value": "CVE-2023-41179 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.12380",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.12637",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "10.0 SP1 Build 2495",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security Services",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "6.7.3578 / 14.3.1105",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-21T12:26:39.088Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/solution/000294994"
            },
            {
              "url": "https://success.trendmicro.com/jp/solution/000294706"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90967486/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-41179",
        "datePublished": "2023-09-19T13:44:57.831Z",
        "dateReserved": "2023-08-24T14:57:42.645Z",
        "dateUpdated": "2025-10-21T23:05:37.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36336 (GCVE-0-2022-36336)

    Vulnerability from nvd – Published: 2022-07-29 23:15 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
    Severity
    No CVSS data available.
    CWE
    • Link Following LPE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000291267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 and SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1 and SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following LPE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T23:15:34.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000291267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-36336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 and SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1 and SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following LPE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000291267",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000291267"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-36336",
        "datePublished": "2022-07-29T23:15:34.000Z",
        "dateReserved": "2022-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24680 (GCVE-0-2022-24680)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:52.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24680",
        "datePublished": "2022-02-24T02:45:52.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24679 (GCVE-0-2022-24679)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:51.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24679",
        "datePublished": "2022-02-24T02:45:51.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:50.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24678 (GCVE-0-2022-24678)

    Vulnerability from nvd – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
    Severity
    No CVSS data available.
    CWE
    • Resource Exhaustion Denial-of-Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Resource Exhaustion Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:49.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Resource Exhaustion Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24678",
        "datePublished": "2022-02-24T02:45:49.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23805 (GCVE-0-2022-23805)

    Vulnerability from nvd – Published: 2022-02-04 22:32 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Out-Of-Bounds Read Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-Of-Bounds Read Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:32:58.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-23805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-Of-Bounds Read Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290416",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290416"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-23805",
        "datePublished": "2022-02-04T22:32:58.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45442 (GCVE-0-2021-45442)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:08.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45442",
        "datePublished": "2022-01-08T15:51:08.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45441 (GCVE-0-2021-45441)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Origin Validation Error Local Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Origin Validation Error Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:07.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45441",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Origin Validation Error Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45441",
        "datePublished": "2022-01-08T15:51:07.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45440 (GCVE-0-2021-45440)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:06.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45440",
        "datePublished": "2022-01-08T15:51:06.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45231 (GCVE-0-2021-45231)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:05.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45231",
        "datePublished": "2022-01-08T15:51:05.000Z",
        "dateReserved": "2021-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44024 (GCVE-0-2021-44024)

    Vulnerability from nvd – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:04.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44024",
        "datePublished": "2022-01-08T15:51:04.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44021 (GCVE-0-2021-44021)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44021",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44020 (GCVE-0-2021-44020)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44020",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44019 (GCVE-0-2021-44019)

    Vulnerability from nvd – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:10.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44019",
        "datePublished": "2021-12-03T10:50:10.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-49154 (GCVE-0-2025-49154)

    Vulnerability from cvelistv5 – Published: 2025-06-17 18:42 – Updated: 2025-06-17 20:25
    VLAI
    Summary
    An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.14002 (semver)
        cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One as a Service Affected: SaaS , < 14.0.14492 (semver)
        cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Worry-Free Business Security Affected: 10.0 SP1 , < 2514 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:23:50.312099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:25:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.14002",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One as a Service",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.14492",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "2514",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T18:42:10.085Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
            },
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2025-49154",
        "datePublished": "2025-06-17T18:42:10.085Z",
        "dateReserved": "2025-06-02T17:43:08.723Z",
        "dateUpdated": "2025-06-17T20:25:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41179 (GCVE-0-2023-41179)

    Vulnerability from cvelistv5 – Published: 2023-09-19 13:44 – Updated: 2025-10-21 23:05
    VLAI CISA KEVIntel
    Summary
    A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.12380 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One Affected: SaaS , < 14.0.12637 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Worry-Free Business Security Affected: 10.0 SP1 , < 10.0 SP1 Build 2495 (semver)
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Worry-Free Business Security Services Affected: SaaS , < 6.7.3578 / 14.3.1105 (semver)
    Create a notification for this product.
    trendmicro apex_one Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    trendmicro worry-free_business_security Affected: 10.0
        cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
    Create a notification for this product.
    trendmicro worry-free_business_security_services Affected: 0 , < * (custom)
        cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*
    Create a notification for this product.
    trendmicro apex_one Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:54:05.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000294994"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000294706"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90967486/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security_services",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41179",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T14:33:08.513391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:37.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-21T00:00:00.000Z",
                "value": "CVE-2023-41179 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.12380",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.12637",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "10.0 SP1 Build 2495",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security Services",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "6.7.3578 / 14.3.1105",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-21T12:26:39.088Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/solution/000294994"
            },
            {
              "url": "https://success.trendmicro.com/jp/solution/000294706"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90967486/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-41179",
        "datePublished": "2023-09-19T13:44:57.831Z",
        "dateReserved": "2023-08-24T14:57:42.645Z",
        "dateUpdated": "2025-10-21T23:05:37.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36336 (GCVE-0-2022-36336)

    Vulnerability from cvelistv5 – Published: 2022-07-29 23:15 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
    Severity
    No CVSS data available.
    CWE
    • Link Following LPE
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000291267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 and SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1 and SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following LPE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-29T23:15:34.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000291267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-36336",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 and SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1 and SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following LPE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000291267",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000291267"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1033/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-36336",
        "datePublished": "2022-07-29T23:15:34.000Z",
        "dateReserved": "2022-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24680 (GCVE-0-2022-24680)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:52.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24680",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-369/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24680",
        "datePublished": "2022-02-24T02:45:52.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24679 (GCVE-0-2022-24679)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Local Privilege Escalation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:50.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:51.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24679",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-370/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24679",
        "datePublished": "2022-02-24T02:45:51.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:50.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-24678 (GCVE-0-2022-24678)

    Vulnerability from cvelistv5 – Published: 2022-02-24 02:45 – Updated: 2024-08-03 04:20
    VLAI
    Summary
    An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
    Severity
    No CVSS data available.
    CWE
    • Resource Exhaustion Denial-of-Service
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:20:49.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Resource Exhaustion Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-24T02:45:49.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-24678",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Resource Exhaustion Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290464",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290464"
                },
                {
                  "name": "https://success.trendmicro.com/solution/000290486",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290486"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-372/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-24678",
        "datePublished": "2022-02-24T02:45:49.000Z",
        "dateReserved": "2022-02-09T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:20:49.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23805 (GCVE-0-2022-23805)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Out-Of-Bounds Read Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000290416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-Of-Bounds Read Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:32:58.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000290416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2022-23805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-Of-Bounds Read Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000290416",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000290416"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-147/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2022-23805",
        "datePublished": "2022-02-04T22:32:58.000Z",
        "dateReserved": "2022-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:51:45.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45442 (GCVE-0-2021-45442)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:08.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-015/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45442",
        "datePublished": "2022-01-08T15:51:08.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45441 (GCVE-0-2021-45441)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Origin Validation Error Local Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Origin Validation Error Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:07.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45441",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Origin Validation Error Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-017/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45441",
        "datePublished": "2022-01-08T15:51:07.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45440 (GCVE-0-2021-45440)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Unnecessary Privileges Local Privilege Escalation
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.966Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unnecessary Privileges Local Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:06.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unnecessary Privileges Local Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45440",
        "datePublished": "2022-01-08T15:51:06.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.966Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-45231 (GCVE-0-2021-45231)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Privilege Escalation
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:05.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-45231",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-013/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-45231",
        "datePublished": "2022-01-08T15:51:05.000Z",
        "dateReserved": "2021-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44024 (GCVE-0-2021-44024)

    Vulnerability from cvelistv5 – Published: 2022-01-08 15:51 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Link Following Denial-of-Service
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289996"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019, SaaS"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1, Services (SaaS)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Link Following Denial-of-Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-08T15:51:04.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289996"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Apex One",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019, SaaS"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1, Services (SaaS)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Link Following Denial-of-Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289996",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289996"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-014/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44024",
        "datePublished": "2022-01-08T15:51:04.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.189Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44021 (GCVE-0-2021-44021)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44021",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1366/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44021",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44020 (GCVE-0-2021-44020)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44020",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1365/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44020",
        "datePublished": "2021-12-03T10:50:11.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44019 (GCVE-0-2021-44019)

    Vulnerability from cvelistv5 – Published: 2021-12-03 10:50 – Updated: 2024-08-04 04:10
    VLAI
    Summary
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021.
    Severity
    No CVSS data available.
    CWE
    • Improper Privilege Management
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000289230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.0 SP1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-03T10:50:10.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://success.trendmicro.com/solution/000289230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2021-44019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Worry-Free Business Security",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "10.0 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://success.trendmicro.com/solution/000289230",
                  "refsource": "MISC",
                  "url": "https://success.trendmicro.com/solution/000289230"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1364/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2021-44019",
        "datePublished": "2021-12-03T10:50:10.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }