7.8
CVE-2021-36742
- EPSS 1.16%
- Veröffentlicht 29.07.2021 20:15:07
- Zuletzt bearbeitet 13.02.2025 14:26:24
- Quelle security@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Officescan Versionxg Updatesp1
Trendmicro ≫ Officescan Business Security Version10.0 Updatesp1
Trendmicro ≫ Apex One Version2019
Trendmicro ≫ Worry-free Business Security Version10.0 Updatesp1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Trend Micro Multiple Products Improper Input Validation Vulnerability
SchwachstelleTrend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.16% | 0.778 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.