Security restrictions bypass in Apex One and Worry-Free Business Security - CVE-2021-3848

 


Published: October 4, 2021


Vulnerability identifier: #VU57037
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3848
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Apex One
Worry-Free Business Security
Software vendor:
Trend Micro

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper privileges management in Trend Micro Apex One and Trend Micro Worry-Free Business Security. A local user can create arbitrary files on the system with higher privileges.

Successful exploitation of the vulnerability can result in denial of service conditions.


Remediation

Install updates from the vendor's website.
