Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Worry\-Free_business_security_services
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2021-45231 | A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-01-10 | CVE-2021-45440 | A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-01-10 | CVE-2021-45441 | A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-01-10 | CVE-2021-45442 | A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.1 | ||
| 2022-02-24 | CVE-2022-24678 | An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.5 | ||
| 2022-02-24 | CVE-2022-24680 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the... | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-02-24 | CVE-2022-24679 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit... | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-07-30 | CVE-2022-36336 | A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2016-06-19 | CVE-2016-1224 | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | Worry\-Free_business_security, Worry\-Free_business_security_services | 6.1 | ||
| 2016-06-19 | CVE-2016-1223 | Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | Officescan, Worry\-Free_business_security, Worry\-Free_business_security_services | 5.3 |