CVE-2021-42104

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 68.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Trend Micro Trend Micro Apex ONETrend Micro Trend Micro Worry-free Business SecurityTrendmicro Apex ONE+1 more
Timeline
PublishedOct 21
Latest updateMay 24

Description

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5trend_micro/trend_micro_worry-free_business_security10.0 SP1, Services (SaaS)
CVEListV5trend_micro/trend_micro_apex_one2019, SaaS

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-9w9g-mc45-wp73: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 102022-05-24
CVEList
CVE-2021-42104: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 102021-10-21
CVE-2021-42104 (HIGH CVSS 7.8) | Unnecessary privilege vulnerabiliti | cvebase.io