← Back

CVE-2021-36742

nvd nist
Published: Jul 29, 2021Modified: Oct 31, 2025CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (4)

Trendmicro
4 products
Officescan
Officescan Business Security
Apex One
Worry Free Business Security
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Officescan
Version xg sp1
Officescan Business Security
Version 10.0 sp1
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apex One
Version 2019
Worry Free Business Security
Version 10.0 sp1
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (9)

Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.