CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 Aug 2021, 17:03

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*
References (N/A) https://success.trendmicro.com/solution/000287819 - (N/A) https://success.trendmicro.com/solution/000287819 - Vendor Advisory
References (N/A) https://success.trendmicro.com/jp/solution/000287796 - (N/A) https://success.trendmicro.com/jp/solution/000287796 - Vendor Advisory
References (N/A) https://success.trendmicro.com/solution/000287820 - (N/A) https://success.trendmicro.com/solution/000287820 - Vendor Advisory
References (N/A) https://success.trendmicro.com/jp/solution/000287815 - (N/A) https://success.trendmicro.com/jp/solution/000287815 - Vendor Advisory

30 Jul 2021, 15:15

Type Values Removed Values Added
Summary An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product’s management console in order to exploit this vulnerability. An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.

29 Jul 2021, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-29 20:15

Updated : 2022-05-16 23:20


NVD link : CVE-2021-36741

Mitre link : CVE-2021-36741


JSON object : View

Products Affected

trendmicro

  • apex_one
  • worry-free_business_security
  • officescan
  • officescan_business_security

microsoft

  • windows
CWE
CWE-20

Improper Input Validation