Trend Micro Worry-Free Business Security vulnerabilities

CVE-2022-36336 [HIGH] CWE-59 CVE-2022-36336: A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Busin A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on

CVE-2022-24680 [HIGH] CWE-59 CVE-2022-24680: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to esc

CVE-2022-24678 [HIGH] CWE-400 CVE-2022-24678: An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.

CVE-2022-24679 [HIGH] CWE-59 CVE-2022-24679: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected

CVE-2022-23805 [HIGH] CWE-125 CVE-2022-23805: A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Busines A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulner

CVE-2021-44024 [HIGH] CWE-59 CVE-2021-44024: A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Tren A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in

CVE-2021-45440 [HIGH] CWE-269 CVE-2021-45440: A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys

CVE-2021-45231 [HIGH] CWE-59 CVE-2021-45231: A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must firs

CVE-2021-45442 [HIGH] CVE-2021-45442: A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execut

CVE-2021-44019 [HIGH] CWE-269 CVE-2021-44019: An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could al An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to bu

CVE-2021-44021 [HIGH] CVE-2021-44021: An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10 An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-

CVE-2021-44020 [HIGH] CVE-2021-44020: An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10 An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-

CVE-2021-23139 [HIGH] CWE-476 CVE-2021-23139: A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.

CVE-2021-42012 [HIGH] CWE-787 CVE-2021-42012: A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi

CVE-2021-42104 [HIGH] CWE-269 CVE-2021-42104: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i

CVE-2021-42106 [HIGH] CVE-2021-42106: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target

CVE-2021-42108 [HIGH] CWE-269 CVE-2021-42108: Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Serv Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t

CVE-2021-42107 [HIGH] CVE-2021-42107: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target

CVE-2021-42105 [HIGH] CVE-2021-42105: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10 Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target

CVE-2021-3848 [MEDIUM] CVE-2021-3848: An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One a An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an