Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2021-44024 CVE-2021-45231 CVE-2021-45440 CVE-2021-45442 |
CWE-ID | CWE-59 CWE-250 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Worry-Free Business Security (Client/Desktop applications / Software for system administration) |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU59107
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44024
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 B2190
External links
http://success.trendmicro.com/solution/000289996
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59108
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45231
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with arbitrary content. Successful exploitation of the vulnerability may result in execution of arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 B2190
External links
http://success.trendmicro.com/solution/000289996
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59109
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45440
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to execution of code with unnecessary privileges. A local low-privileged user can run a specially crafted program to abuse an impersonation privilege and execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 B2190
External links
http://success.trendmicro.com/solution/000289996
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59111
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45442
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Worry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 B2190
External links
http://success.trendmicro.com/solution/000289996
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.