Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-25252 (GCVE-0-2021-25252)
Vulnerability from cvelistv5 – Published: 2021-03-03 15:43 – Updated: 2024-08-03 19:56
VLAI?
EPSS
Summary
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Severity ?
No CVSS data available.
CWE
- Memory Exhaustion
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Virus Scan API (VSAPI) Engine |
Affected:
12.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Virus Scan API (VSAPI) Engine",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Exhaustion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T15:43:40.000Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Virus Scan API (VSAPI) Engine",
"version": {
"version_data": [
{
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Exhaustion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25252",
"datePublished": "2021-03-03T15:43:40.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:56:11.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-25252\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2021-03-03T16:15:13.087\",\"lastModified\":\"2024-11-21T05:54:38.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.\"},{\"lang\":\"es\",\"value\":\"La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegaci\u00f3n de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente dise\u00f1ado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A4CE49-201A-4A47-A760-6463C454A6AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"219071B9-2D31-4E7F-A0AD-769FE0243B35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:cloud_edge:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E326AF6-B46B-40BE-8CDF-0F94A99FAED6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31C9ADB-D6BB-4C69-A6D6-DFFD2D2140D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security:10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B7E15DA-AE75-4CD7-AA71-A560A78D968C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security:11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8241E0BC-5DA9-4C60-B844-56FC23E47152\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security:12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E49F38B-B210-49CB-9F76-B65CAB36BC74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"398B0CDB-03CB-434C-9650-24340C093C86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:control_manager:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"165D2436-C6A3-47A9-9FE3-51628BF6C414\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_discovery_analyzer:5.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C0DF7-D04B-4BF6-8A9C-FD9AB7E68B0A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_discovery_email_inspector:2.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B664C78E-D12E-4405-A35F-54BD90437AD3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D67DBF-FA30-44B7-9404-9C17EA72295B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0429A7DF-3CB4-44BB-A26A-54DB9EE25ABD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFF71E3A-0C66-4FCC-AEEE-3CCFBDCF3ADD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:officescan:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3448C332-00D7-41B3-BD1A-9D665CED4F6A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:portal_protect:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3649712F-7311-453F-BC0B-6608F4750086\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*\",\"matchCriteriaId\":\"37BCA3F5-0BC9-4287-A97F-F5E20465EF0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:scanmail_for_ibm_domino:5.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E45ABCCA-69AD-45B6-833C-06380C83702E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:serverprotect_for_storage:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C44B160-E042-465C-9442-296202E9B750\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:serverprotect:5.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"889BBE0A-A33B-4CF8-8801-DC1202621FAA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:emc:celerra_network_attached_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABC70E5-DC68-4538-B7AA-30385E54FC45\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61BD8560-99BE-46E5-8366-7CD9CD3427E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:serverprotect_for_network_appliance_filers:5.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"60880631-D7EC-4F88-8C4C-9217861D2047\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D877693-7976-44ED-AE10-EADF8C98ACB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:safe_lock:1.1:-:*:*:txone:*:*:*\",\"matchCriteriaId\":\"E82A9956-C47F-4AC2-BFAE-A12C496502A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:worry-free_business_security:10.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED502EB1-F3E9-46B6-BE08-6FCCE0AE1E12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/solution/000285675\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://success.trendmicro.com/solution/000285675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2021-25252
Vulnerability from fkie_nvd - Published: 2021-03-03 16:15 - Updated: 2024-11-21 05:54
Severity ?
Summary
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000285675 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000285675 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "F1A4CE49-201A-4A47-A760-6463C454A6AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:cloud_edge:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E326AF6-B46B-40BE-8CDF-0F94A99FAED6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*",
"matchCriteriaId": "E31C9ADB-D6BB-4C69-A6D6-DFFD2D2140D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6B7E15DA-AE75-4CD7-AA71-A560A78D968C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8241E0BC-5DA9-4C60-B844-56FC23E47152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3E49F38B-B210-49CB-9F76-B65CAB36BC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "398B0CDB-03CB-434C-9650-24340C093C86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:control_manager:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "165D2436-C6A3-47A9-9FE3-51628BF6C414",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_discovery_analyzer:5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A31C0DF7-D04B-4BF6-8A9C-FD9AB7E68B0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_discovery_email_inspector:2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "B664C78E-D12E-4405-A35F-54BD90437AD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:-:*:*:*:*:*:*",
"matchCriteriaId": "B6D67DBF-FA30-44B7-9404-9C17EA72295B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0429A7DF-3CB4-44BB-A26A-54DB9EE25ABD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "DFF71E3A-0C66-4FCC-AEEE-3CCFBDCF3ADD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:officescan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3448C332-00D7-41B3-BD1A-9D665CED4F6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:portal_protect:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3649712F-7311-453F-BC0B-6608F4750086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*",
"matchCriteriaId": "37BCA3F5-0BC9-4287-A97F-F5E20465EF0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:scanmail_for_ibm_domino:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "E45ABCCA-69AD-45B6-833C-06380C83702E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:serverprotect_for_storage:6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3C44B160-E042-465C-9442-296202E9B750",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:serverprotect:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "889BBE0A-A33B-4CF8-8801-DC1202621FAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emc:celerra_network_attached_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FABC70E5-DC68-4538-B7AA-30385E54FC45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61BD8560-99BE-46E5-8366-7CD9CD3427E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:serverprotect_for_network_appliance_filers:5.8:-:*:*:*:*:*:*",
"matchCriteriaId": "60880631-D7EC-4F88-8C4C-9217861D2047",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D877693-7976-44ED-AE10-EADF8C98ACB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:safe_lock:1.1:-:*:*:txone:*:*:*",
"matchCriteriaId": "E82A9956-C47F-4AC2-BFAE-A12C496502A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:10.1:-:*:*:*:*:*:*",
"matchCriteriaId": "ED502EB1-F3E9-46B6-BE08-6FCCE0AE1E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
},
{
"lang": "es",
"value": "La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegaci\u00f3n de servicio o a un congelamiento del sistema si es explotada por un atacante usando un archivo especialmente dise\u00f1ado"
}
],
"id": "CVE-2021-25252",
"lastModified": "2024-11-21T05:54:38.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-03T16:15:13.087",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000285675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-202103-1322
Vulnerability from variot - Updated: 2022-05-04 08:33Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. plural Trend Micro The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1322",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deep security",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "12.0"
},
{
"model": "interscan web security virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "6.5"
},
{
"model": "serverprotect for network appliance filers",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "5.8"
},
{
"model": "deep security",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "20.0"
},
{
"model": "apex one",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "2019"
},
{
"model": "scanmail",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "14.0"
},
{
"model": "serverprotect for storage",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "6.0"
},
{
"model": "scanmail for ibm domino",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "5.8"
},
{
"model": "apex one",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": null
},
{
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.1"
},
{
"model": "deep discovery inspector",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "3.8"
},
{
"model": "cloud edge",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "5.0"
},
{
"model": "safe lock",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "1.1"
},
{
"model": "officescan",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": null
},
{
"model": "worry-free business security",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "10.1"
},
{
"model": "deep security",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "10.0"
},
{
"model": "deep discovery analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "5.1"
},
{
"model": "control manager",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "7.0"
},
{
"model": "apex central",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "2019"
},
{
"model": "deep security",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "11.0"
},
{
"model": "portal protect",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "2.6"
},
{
"model": "deep discovery email inspector",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "2.5"
},
{
"model": "serverprotect",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "5.8"
},
{
"model": "apex one",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "trend micro control manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "deep discovery inspector",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "interscan messaging security virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "cloud edge",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "trend micro deep security",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "deep discovery analyzer",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "deep discovery email inspector",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "trendmicro interscan web security virtual appliance",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
},
{
"model": "apex central",
"scope": null,
"trust": 0.8,
"vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:cloud_edge:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:10.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:11.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:12.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:long_term_support:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:control_manager:7.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:control_manager:7.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_analyzer:5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_email_inspector:2.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:officescan:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:officescan:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:portal_protect:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:portal_protect:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail_for_ibm_domino:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail_for_ibm_domino:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_storage:6.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_storage:6.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emc:celerra_network_attached_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:emc:celerra_network_attached_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_network_appliance_filers:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_network_appliance_filers:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:safe_lock:1.1:-:*:*:txone:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:safe_lock:1.1:-:*:*:txone:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:worry-free_business_security:10.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:worry-free_business_security:10.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"cve": "CVE-2021-25252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25252",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2021-25252",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25252",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25252",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-242",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. plural Trend Micro The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25252"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25252",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU93009588",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-242",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"id": "VAR-202103-1322",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.29385966
},
"last_update_date": "2022-05-04T08:33:12.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "000285675",
"trust": 0.8,
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://success.trendmicro.com/solution/000285675"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93009588/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25252"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/trend-micro-scan-engine-denial-of-service-via-memory-exhaustion-34744"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"date": "2021-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"date": "2021-03-03T16:15:00",
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-02T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-004941"
},
{
"date": "2021-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-242"
},
{
"date": "2021-09-08T17:23:00",
"db": "NVD",
"id": "CVE-2021-25252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Trend\u00a0Micro\u00a0 Resource depletion vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-242"
}
],
"trust": 0.6
}
}
GSD-2021-25252
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-25252",
"description": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.",
"id": "GSD-2021-25252"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-25252"
],
"details": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.",
"id": "GSD-2021-25252",
"modified": "2023-12-13T01:23:21.595534Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Virus Scan API (VSAPI) Engine\r\n",
"version": {
"version_data": [
{
"version_value": "12.0"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Exhaustion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:cloud_edge:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:10.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:11.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:12.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:long_term_support:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:control_manager:7.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_analyzer:5.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_email_inspector:2.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:deep_discovery_inspector:3.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:9.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:6.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:officescan:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:portal_protect:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:scanmail_for_ibm_domino:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_storage:6.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:emc:celerra_network_attached_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:novell:netware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:serverprotect_for_network_appliance_filers:5.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:safe_lock:1.1:-:*:*:txone:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:worry-free_business_security:10.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25252"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000285675",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-09-08T17:23Z",
"publishedDate": "2021-03-03T16:15Z"
}
}
}
GHSA-F392-JC49-593J
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43
VLAI?
Details
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
{
"affected": [],
"aliases": [
"CVE-2021-25252"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-03T16:15:00Z",
"severity": "MODERATE"
},
"details": "Trend Micro\u0027s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.",
"id": "GHSA-f392-jc49-593j",
"modified": "2022-05-24T17:43:35Z",
"published": "2022-05-24T17:43:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25252"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000285675"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2021-AVI-159
Vulnerability from certfr_avis - Published: 2021-03-03 - Updated: 2021-03-03
Une vulnérabilité a été découverte dans les produits Trend Micro. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | N/A | Worry-Free Business Security version antérieures à 10.1 SP1 Patch 2274 (pour Windows) | ||
| Trend Micro | N/A | InterScan Messaging Security Virtual Appliance version antérieures à 9.1 CP2034 | ||
| Trend Micro | N/A | ServerProtect for EMC Celerra version antérieures à 5.8 CP1573 EMC Celerra | ||
| Trend Micro | N/A | OfficeScan version antérieures à XG SP1 CP6040 (pour Windows) | ||
| Trend Micro | N/A | ServerProtect for Windows/Netware version antérieures à 5.8 CP1571 | ||
| Trend Micro | N/A | Control Manager version antérieures à 7.0 CP 3215 (pour Windows) | ||
| Trend Micro | N/A | ScanMail for IBM Domino version antérieures à 5.8 CP1083 (pour Windows et Linux) | ||
| Trend Micro | N/A | InterScan Web Security Virtual Appliance version antérieures à 6.5 CP1926 | ||
| Trend Micro | N/A | Deep Discovery Analyzer version antérieures à 5.1+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | ServerProtect for Network Appliance Filers version antérieures à 5.8 CP1295 NetApp | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 20.0 LTS (correctif du 18 janvier 2021) | ||
| Trend Micro | Deep Discovery Inspector | Deep Discovery Inspector version antérieures à 3.8+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | ServerProtect for Storage version antérieures à 6.0 CP1274 (pour Windows) | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 12.0 U15 | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 11.0 U25 | ||
| Trend Micro | N/A | Safe Lock TXOne Edition version antérieures à 1.1 CP1042 (pour Windows) | ||
| Trend Micro | N/A | PortalProtect version antérieures à 2.6 CP1045 (pour Windows) | ||
| Trend Micro | N/A | Deep Discovery Email Inspector version antérieures à 2.5+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | Cloud Edge version antérieures à 5.0+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 10.0 U29 | ||
| Trend Micro | Apex One | Apex One version antérieures à 2019 CP9167 (On Premise) SaaS (B2101) (pour Windows et macOS) | ||
| Trend Micro | N/A | ScanMail for Exchange version antérieures à 14.0 CP3083 (pour Windows) | ||
| Trend Micro | N/A | ServerProtect for Linux version antérieures à 3.0 CP1649 | ||
| Trend Micro | N/A | Apex Central version antérieures à 2019 CP5534 SaaS (pour Windows) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security version ant\u00e9rieures \u00e0 10.1 SP1 Patch 2274 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "InterScan Messaging Security Virtual Appliance version ant\u00e9rieures \u00e0 9.1 CP2034",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for EMC Celerra version ant\u00e9rieures \u00e0 5.8 CP1573 EMC Celerra",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "OfficeScan version ant\u00e9rieures \u00e0 XG SP1 CP6040 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Windows/Netware version ant\u00e9rieures \u00e0 5.8 CP1571",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Control Manager version ant\u00e9rieures \u00e0 7.0 CP 3215 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ScanMail for IBM Domino version ant\u00e9rieures \u00e0 5.8 CP1083 (pour Windows et Linux)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "InterScan Web Security Virtual Appliance version ant\u00e9rieures \u00e0 6.5 CP1926",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Analyzer version ant\u00e9rieures \u00e0 5.1+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Network Appliance Filers version ant\u00e9rieures \u00e0 5.8 CP1295 NetApp",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 20.0 LTS (correctif du 18 janvier 2021)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Inspector version ant\u00e9rieures \u00e0 3.8+ correctif via ActiveUpdate",
"product": {
"name": "Deep Discovery Inspector",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Storage version ant\u00e9rieures \u00e0 6.0 CP1274 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 12.0 U15",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 11.0 U25",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Safe Lock TXOne Edition version ant\u00e9rieures \u00e0 1.1 CP1042 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "PortalProtect version ant\u00e9rieures \u00e0 2.6 CP1045 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Email Inspector version ant\u00e9rieures \u00e0 2.5+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Cloud Edge version ant\u00e9rieures \u00e0 5.0+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 10.0 U29",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One version ant\u00e9rieures \u00e0 2019 CP9167 (On Premise) SaaS (B2101) (pour Windows et macOS)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ScanMail for Exchange version ant\u00e9rieures \u00e0 14.0 CP3083 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Linux version ant\u00e9rieures \u00e0 3.0 CP1649",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version ant\u00e9rieures \u00e0 2019 CP5534 SaaS (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25252"
}
],
"initial_release_date": "2021-03-03T00:00:00",
"last_revision_date": "2021-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-159",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Trend Micro. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000285675 du 02 mars 2021",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
CNVD-2021-17222
Vulnerability from cnvd - Published: 2021-03-13
VLAI Severity ?
Title
Trend Micro Virus Scan API拒绝服务漏洞
Description
Trend Micro Virus Scan是中国趋势科技(Trend)公司的一个应用软件。提供了一个病毒扫描的功能。
Trend Micro Virus Scan API在安全漏洞,攻击者可利用该漏洞使用了特别制作的文件,可能会导致拒绝服务或系统冻结。
Severity
高
Patch Name
Trend Micro Virus Scan API拒绝服务漏洞的补丁
Patch Description
Trend Micro Virus Scan是中国趋势科技(Trend)公司的一个应用软件。提供了一个病毒扫描的功能。
Trend Micro Virus Scan API在安全漏洞,攻击者可利用该漏洞使用了特别制作的文件,可能会导致拒绝服务或系统冻结。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://success.trendmicro.com/solution/000285675
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-25252
Impacted products
| Name | Trend Trend Micro Virus Scan |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-25252",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25252"
}
},
"description": "Trend Micro Virus Scan\u662f\u4e2d\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4e00\u4e2a\u75c5\u6bd2\u626b\u63cf\u7684\u529f\u80fd\u3002\n\nTrend Micro Virus Scan API\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u4e86\u7279\u522b\u5236\u4f5c\u7684\u6587\u4ef6\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u7cfb\u7edf\u51bb\u7ed3\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://success.trendmicro.com/solution/000285675",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-17222",
"openTime": "2021-03-13",
"patchDescription": "Trend Micro Virus Scan\u662f\u4e2d\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e86\u4e00\u4e2a\u75c5\u6bd2\u626b\u63cf\u7684\u529f\u80fd\u3002\r\n\r\nTrend Micro Virus Scan API\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u4e86\u7279\u522b\u5236\u4f5c\u7684\u6587\u4ef6\uff0c\u53ef\u80fd\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u7cfb\u7edf\u51bb\u7ed3\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Trend Micro Virus Scan API\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Trend Trend Micro Virus Scan"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-25252",
"serverity": "\u9ad8",
"submitTime": "2021-03-05",
"title": "Trend Micro Virus Scan API\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
BDU:2021-01601
Vulnerability from fstec - Published: 02.03.2021
VLAI Severity ?
Title
Уязвимость антивирусных программных средств Trend Micro's Virus Scan API (VSAPI) и Advanced Threat Scan Engine (ATSE), связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать зависание программы или отказ в обслуживании
Description
Уязвимость антивирусных программных средств Trend Micro's Virus Scan API (VSAPI) и Advanced Threat Scan Engine (ATSE) связана с некорректной зачисткой или освобождением ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать зависание программы или отказ в обслуживании при помощи специально созданного файла
Severity ?
Vendor
Trend Micro
Software Name
Virus Scan API, Advanced Threat Scan Engine
Software Version
- (Virus Scan API), - (Advanced Threat Scan Engine)
Possible Mitigations
Использование рекомендаций:
https://success.trendmicro.com/solution/000285675
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-25252
https://success.trendmicro.com/solution/000285675
https://vuldb.com/?id.170647
CWE
CWE-404
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Trend Micro",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Virus Scan API), - (Advanced Threat Scan Engine)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://success.trendmicro.com/solution/000285675",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.03.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01601",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-25252",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Virus Scan API, Advanced Threat Scan Engine",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Trend Micro\u0027s Virus Scan API (VSAPI) \u0438 Advanced Threat Scan Engine (ATSE), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0437\u0430\u0432\u0438\u0441\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0438\u043b\u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Trend Micro\u0027s Virus Scan API (VSAPI) \u0438 Advanced Threat Scan Engine (ATSE) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u0437\u0430\u0432\u0438\u0441\u0430\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0438\u043b\u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2021-25252\nhttps://success.trendmicro.com/solution/000285675\nhttps://vuldb.com/?id.170647",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-404",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,7)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…