cbcvebase.

Trend Micro Worry-Free Business Security vulnerabilities

40 known vulnerabilities affecting trend_micro/trend_micro_worry-free_business_security.

Total CVEs
40
CISA KEV
3
actively exploited
Public exploits
0
Exploited in wild
3
Severity breakdown
CRITICAL1HIGH22MEDIUM17

Vulnerabilities

Page 1 of 2
CVE-2021-36741P1HIGHCVSS 8.8KEVv10.0 SP12021-07-29
CVE-2021-36741 [HIGH] CWE-434 CVE-2021-36741: An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeSca An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vu
nvd
CVE-2020-24557P1HIGHCVSS 7.8KEVv10.0 SP12020-09-01
CVE-2020-24557 [HIGH] CVE-2020-24557: A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windo A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target sys
nvd
CVE-2021-36742P1HIGHCVSS 7.8KEVv10.0 SP12021-07-29
CVE-2021-36742 [HIGH] CWE-20 CVE-2021-36742: A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu
nvd
CVE-2020-8600P3CRITICALCVSS 9.8vWFBS 9.0, 9.5 and 10.02020-03-18
CVE-2020-8600 [CRITICAL] CWE-22 CVE-2020-8600: Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulne Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
nvd
CVE-2020-28574P3HIGHCVSS 7.5v10.0 SP12020-11-18
CVE-2020-28574 [HIGH] CWE-22 CVE-2020-28574: A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-F A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
nvd
CVE-2021-45231P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2022-01-10
CVE-2021-45231 [HIGH] CWE-59 CVE-2021-45231: A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must firs
nvd
CVE-2021-42012P3HIGHCVSS 7.8v10.0 SP12021-10-21
CVE-2021-42012 [HIGH] CWE-787 CVE-2021-42012: A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi
nvd
CVE-2022-24678P3HIGHCVSS 7.5v10.0 SP1, Services (SaaS)2022-02-24
CVE-2022-24678 [HIGH] CWE-400 CVE-2022-24678: An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
nvd
CVE-2020-24559P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2020-09-01
CVE-2020-24559 [HIGH] CWE-59 CVE-2020-24559: A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Busine A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute l
nvd
CVE-2021-32464P3HIGHCVSS 7.8vServices (SaaS)2021-08-04
CVE-2021-32464 [HIGH] CWE-276 CVE-2021-32464: An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to e
nvd
CVE-2022-24680P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2022-02-24
CVE-2022-24680 [HIGH] CWE-59 CVE-2022-24680: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to esc
nvd
CVE-2022-24679P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2022-02-24
CVE-2022-24679 [HIGH] CWE-59 CVE-2022-24679: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected
nvd
CVE-2022-36336P3HIGHCVSS 7.8v10.0 SP1 and SaaS2022-07-30
CVE-2022-36336 [HIGH] CWE-59 CVE-2022-36336: A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Busin A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on
nvd
CVE-2021-45440P3HIGHCVSS 7.8v10.0 SP12022-01-10
CVE-2021-45440 [HIGH] CWE-269 CVE-2021-45440: A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys
nvd
CVE-2021-25249P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2021-02-04
CVE-2021-25249 [HIGH] CWE-787 CVE-2021-25249: An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and Saa An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2021-42108P3HIGHCVSS 7.8v10.0 SP12021-10-21
CVE-2021-42108 [HIGH] CWE-269 CVE-2021-42108: Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Serv Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t
nvd
CVE-2021-42104P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2021-10-21
CVE-2021-42104 [HIGH] CWE-269 CVE-2021-42104: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i
nvd
CVE-2021-32463P3HIGHCVSS 7.8v10.0 SP1, Services (SaaS)2021-07-20
CVE-2021-32463 [HIGH] CWE-732 CVE-2021-32463: An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ab
nvd
CVE-2021-44019P3HIGHCVSS 7.8v10.0 SP12021-12-03
CVE-2021-44019 [HIGH] CWE-269 CVE-2021-44019: An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could al An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to bu
nvd
CVE-2021-23139P3HIGHCVSS 7.5v10.0 SP12021-10-21
CVE-2021-23139 [HIGH] CWE-476 CVE-2021-23139: A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
nvd
Trend Micro Worry-Free Business Security vulnerabilities | cvebase