← Back

CVE-2021-36744

nvd nist
Published: Sep 6, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

Affected (5)

Trendmicro
4 products
Maximum Security 2019
Maximum Security 2020
Maximum Security 2021
Security For Best Buy
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Maximum Security 2019
Version 15.0
Maximum Security 2020
Version 16.0
Trendmicro
Maximum Security 2021
Version 17.0
Maximum Security 2021
Version 17.2
Security For Best Buy
Version 2021
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

Source: security@trendmicro.com
PatchVendor Advisory
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.