CVE-2021-32464

Published: Aug 4, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (2)

Products: Trendmicro: Apex One, Officescan

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	Version 2019
Trendmicro Officescan	Version xg sp1

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

https://success.trendmicro.com/jp/solution/000287796

Source: security@trendmicro.com

Vendor Advisory

https://success.trendmicro.com/solution/000286857

Source: security@trendmicro.com

Vendor Advisory

https://success.trendmicro.com/solution/000287819

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-910/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/jp/solution/000287796

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://success.trendmicro.com/solution/000286857

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://success.trendmicro.com/solution/000287819

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-910/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.