CVE-2021-28645

Published: Apr 13, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (3)

Products: Trendmicro: Apex One, Officescan

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	Version 2019
Trendmicro Apex One	Version 2019
Trendmicro Officescan	Version xg sp1

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

https://success.trendmicro.com/solution/000286019

Source: security@trendmicro.com

Vendor Advisory

https://success.trendmicro.com/solution/000286157

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-402/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/solution/000286019

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://success.trendmicro.com/solution/000286157

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-402/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.