Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apex_one | Trendmicro | 2019 (including) | 2019 (including) |
Worry-free_business_security | Trendmicro | 10.0-sp1 (including) | 10.0-sp1 (including) |
Worry-free_business_security_services | Trendmicro | - (including) | - (including) |