Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-067
Vulnerability from certfr_avis - Published: 2021-01-29 - Updated: 2021-01-29
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One sans le dernier correctif CP9167 | ||
| Trend Micro | Apex One | Apex One as a Service sans le dernier correctif mensuel (202101) | ||
| Trend Micro | N/A | OfficeScan XG SP1 sans le dernier correctif CP6040 | ||
| Trend Micro | N/A | Worry-Free Business Security Services (WFBSS) sans le dernier correctif mensuel (6.7.1500) | ||
| Trend Micro | N/A | Worry-Free Business Security (WFBS) 10 SP1 sans le dernier correctif 2274 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One sans le dernier correctif CP9167",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans le dernier correctif mensuel (202101)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "OfficeScan XG SP1 sans le dernier correctif CP6040",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security Services (WFBSS) sans le dernier correctif mensuel (6.7.1500)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security (WFBS) 10 SP1 sans le dernier correctif 2274",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25237",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25237"
},
{
"name": "CVE-2021-25249",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25249"
},
{
"name": "CVE-2021-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25236"
},
{
"name": "CVE-2021-25239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25239"
},
{
"name": "CVE-2021-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25248"
},
{
"name": "CVE-2021-25230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25230"
},
{
"name": "CVE-2021-25228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25228"
},
{
"name": "CVE-2021-25238",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25238"
},
{
"name": "CVE-2021-25233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25233"
},
{
"name": "CVE-2021-25231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25231"
},
{
"name": "CVE-2021-25240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25240"
},
{
"name": "CVE-2021-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25235"
},
{
"name": "CVE-2021-25242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25242"
},
{
"name": "CVE-2021-25244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25244"
},
{
"name": "CVE-2021-25234",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25234"
},
{
"name": "CVE-2021-25229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25229"
},
{
"name": "CVE-2021-25232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25232"
},
{
"name": "CVE-2021-25241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25241"
},
{
"name": "CVE-2021-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25243"
},
{
"name": "CVE-2021-25245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25245"
},
{
"name": "CVE-2021-25246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25246"
}
],
"initial_release_date": "2021-01-29T00:00:00",
"last_revision_date": "2021-01-29T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-067",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284206 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284202 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284205 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284205"
}
]
}
CVE-2021-25238 (GCVE-0-2021-25238)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:44.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent\u0027s managing port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-121/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25238",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25239 (GCVE-0-2021-25239)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:45.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-112/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25239",
"datePublished": "2021-02-04T19:36:45.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25240 (GCVE-0-2021-25240)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:46.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25240",
"datePublished": "2021-02-04T19:36:46.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25241 (GCVE-0-2021-25241)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
Severity
No CVSS data available.
CWE
- SSRF Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-114/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25241",
"datePublished": "2021-02-04T19:36:47.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25242 (GCVE-0-2021-25242)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:47.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-115/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25242",
"datePublished": "2021-02-04T19:36:47.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25243 (GCVE-0-2021-25243)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:48.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25243",
"datePublished": "2021-02-04T19:36:48.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25244 (GCVE-0-2021-25244)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:49.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-123/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25244",
"datePublished": "2021-02-04T19:36:49.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25245 (GCVE-0-2021-25245)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:49.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-122/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25245",
"datePublished": "2021-02-04T19:36:49.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25246 (GCVE-0-2021-25246)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
Severity
No CVSS data available.
CWE
- Improper Access Control Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:50.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-117/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25246",
"datePublished": "2021-02-04T19:36:50.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25248 (GCVE-0-2021-25248)
Vulnerability from cvelistv5 – Published: 2021-02-04 19:36 – Updated: 2024-08-03 19:56
VLAI
EPSS
Summary
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Read Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://success.trendmicro.com/solution/000284202 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284205 | x_refsource_MISC |
| https://success.trendmicro.com/solution/000284206 | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One |
Affected:
2019, SaaS
|
|
| Trend Micro | Trend Micro OfficeScan |
Affected:
XG SP1
|
|
| Trend Micro | Trend Micro Worry-Free Business Security |
Affected:
10.0 SP1, Services (SaaS)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019, SaaS"
}
]
},
{
"product": "Trend Micro OfficeScan",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "XG SP1"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "10.0 SP1, Services (SaaS)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-04T19:36:51.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2019, SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
},
{
"product_name": "Trend Micro Worry-Free Business Security",
"version": {
"version_data": [
{
"version_value": "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000284202",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"name": "https://success.trendmicro.com/solution/000284205",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"name": "https://success.trendmicro.com/solution/000284206",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-118/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25248",
"datePublished": "2021-02-04T19:36:51.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…