7.8
CVE-2021-36742
- EPSS 1.16%
- Published 29.07.2021 20:15:07
- Last modified 13.02.2025 14:26:24
- Source security@trendmicro.com
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Trendmicro ≫ Officescan, Version xg, Update sp1
Trendmicro ≫ Officescan Business Security, Version 10.0, Update sp1
Trendmicro ≫ Apex One, Version 2019
Trendmicro ≫ Worry-free Business Security, Version 10.0, Update sp1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Trend Micro Multiple Products Improper Input Validation Vulnerability
Description: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.16% | 0.778 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.