SB2021100405 - Denial of service in Trend Micro Apex One and Worry-Free Business Security

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021100405

SB2021100405 - Denial of service in Trend Micro Apex One and Worry-Free Business Security

Published: October 4, 2021

Security Bulletin ID SB2021100405
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Security restrictions bypass (CVE-ID: CVE-2021-3848)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper privileges management in Trend Micro Apex One and Trend Micro Worry-Free Business Security. A local user can create arbitrary files on the system with higher privileges.

Successful exploitation of the vulnerability can result in denial of service conditions.


Remediation

Install update from vendor's website.

References