cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-32465,https://securityvulnerability.io/vulnerability/CVE-2021-32465,Incorrect Permission Preservation in Trend Micro Apex One and OfficeScan Products,"In Trend Micro's Apex One, Apex One as a Service, and OfficeScan XG SP1, a vulnerability exists due to incorrect permission preservation. This flaw could allow remote attackers to bypass authentication on affected installations. However, it requires prior execution of low-privileged code on the target system, opening a potential avenue for exploitation. Organizations utilizing these products should review their security posture to mitigate the risks associated with this vulnerability.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",8.8,HIGH,0.008779999800026417,false,,false,false,false,,,false,false,,2021-08-04T18:29:37.000Z,0
CVE-2021-36742,https://securityvulnerability.io/vulnerability/CVE-2021-36742,Improper Input Validation in Trend Micro Apex One and OfficeScan Products,"An improper input validation vulnerability exists in various Trend Micro products, including Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1. This flaw allows local attackers who possess the capability to execute low-privileged code on the targeted system to escalate their privileges. Effective remediation strategies should be implemented to safeguard against potential exploitation of this vulnerability.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",7.8,HIGH,0.0013699999544769526,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2021-07-29T19:23:14.000Z,0
CVE-2021-36741,https://securityvulnerability.io/vulnerability/CVE-2021-36741,Improper Input Validation Vulnerability in Trend Micro Apex One Products,"An improper input validation issue exists in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1. This vulnerability allows remote attackers, after gaining access to the management console, to upload arbitrary files to affected installations, potentially leading to further exploitation. Proper management and access controls are essential to mitigate this risk.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",8.8,HIGH,0.14893999695777893,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2021-07-29T19:23:13.000Z,0
CVE-2021-28646,https://securityvulnerability.io/vulnerability/CVE-2021-28646,Insecure File Permissions in Trend Micro Apex One and OfficeScan XG,"An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service, and OfficeScan XG SP1 could enable a local attacker to gain unauthorized control over specific log files within the affected installations, posing a significant security risk. It is crucial for organizations using these products to apply necessary patches and updates to mitigate potential threats.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-13T12:54:59.000Z,0
CVE-2021-28645,https://securityvulnerability.io/vulnerability/CVE-2021-28645,Incorrect Permission Assignment in Trend Micro Apex One and OfficeScan XG,"An incorrect permission assignment vulnerability exists in Trend Micro's Apex One and OfficeScan XG products, allowing local attackers to escalate privileges on compromised systems. While exploiting this vulnerability requires an attacker to first run low-privileged code, it poses a significant risk to installations that fail to implement proper security measures.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-04-13T12:54:38.000Z,0
CVE-2021-25253,https://securityvulnerability.io/vulnerability/CVE-2021-25253,Improper Access Control in Trend Micro's Apex One and OfficeScan Products,An improper access control vulnerability exists within Trend Micro's Apex One and OfficeScan products. This flaw enables local attackers who have gained low-privileged code execution on an affected system to escalate their privileges. Exploiting this vulnerability could allow additional unauthorized access or actions by the attacker within the compromised installation.,Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",7.8,HIGH,0.00044999999227002263,false,,false,false,true,2023-05-12T20:51:50.000Z,true,false,false,,2021-04-13T12:53:59.000Z,0
CVE-2021-25250,https://securityvulnerability.io/vulnerability/CVE-2021-25250,Improper Access Control Flaw in Trend Micro Apex One and OfficeScan XG,"An improper access control vulnerability exists in Trend Micro Apex One, Trend Micro Apex One as a Service, and OfficeScan XG SP1, allowing a local attacker to escalate privileges. Successful exploitation requires the attacker to first execute low-privileged code on the target system, targeting sensitive files. This vulnerability underscores the importance of safeguarding systems against local threats to prevent privilege escalation.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2021-04-13T12:35:04.000Z,0
CVE-2021-25249,https://securityvulnerability.io/vulnerability/CVE-2021-25249,Out-of-Bounds Write Vulnerability in Trend Micro Apex One and OfficeScan Products,"An out-of-bounds write vulnerability exists in Trend Micro's Apex One, OfficeScan XG SP1, and Worry-Free Business Security products. This flaw could allow a local attacker to escalate privileges on affected installations. The attacker must first have access to execute low-privileged code on the targeted system to exploit this vulnerability, potentially leading to sensitive information disclosure and increased privileges.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",7.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2021-02-04T19:36:52.000Z,0
CVE-2021-25248,https://securityvulnerability.io/vulnerability/CVE-2021-25248,Out-of-Bounds Read Vulnerability in Trend Micro Apex One and OfficeScan Products,"An out-of-bounds read vulnerability exists in Trend Micro's Apex One, OfficeScan XG SP1, and Worry-Free Business Security, which may allow attackers to disclose sensitive information related to a named pipe. The exploit requires the attacker to first execute low-privileged code on the vulnerable system, potentially leading to further compromise of the system's integrity.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-02-04T19:36:51.000Z,0
CVE-2021-25246,https://securityvulnerability.io/vulnerability/CVE-2021-25246,Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan Products,"An improper access control vulnerability exists in Trend Micro's Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security products. This flaw allows unauthorized users to create fraudulent agents on affected servers, which can lead to unauthorized access to sensitive configuration details. The potential for an attacker to exploit this vulnerability underscores the importance of maintaining stringent access controls and monitoring agent activities within the network environment.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",6.5,MEDIUM,0.015569999814033508,false,,false,false,false,,,false,false,,2021-02-04T19:36:50.000Z,0
CVE-2021-25243,https://securityvulnerability.io/vulnerability/CVE-2021-25243,Improper Access Control in Trend Micro Apex One and OfficeScan Products,"An improper access control flaw exists in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1, enabling an unauthenticated user to gain unauthorized access to critical patch level information. This vulnerability could potentially be exploited by adversaries to gather sensitive data regarding security updates, which could aid in leveraging further malicious actions.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:48.000Z,0
CVE-2021-25242,https://securityvulnerability.io/vulnerability/CVE-2021-25242,Improper Access Control in Trend Micro Apex One and OfficeScan Products,"This vulnerability allows unauthenticated users to exploit improper access control measures in Trend Micro's security products, leading to the potential exposure of sensitive version and build information. Attackers can leverage this information to devise targeted attacks against the affected systems, compromising their integrity and security posture.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:47.000Z,0
CVE-2021-25240,https://securityvulnerability.io/vulnerability/CVE-2021-25240,"Improper Access Control in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security","An improper access control vulnerability in various Trend Micro products, including Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1, allows unauthenticated users to access sensitive x64 agent hofitx information. This issue can lead to unauthorized data exposure and increase the risk of further attacks. Users are urged to apply the available patches to mitigate potential exploitation.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:46.000Z,0
CVE-2021-25239,https://securityvulnerability.io/vulnerability/CVE-2021-25239,Improper Access Control in Trend Micro Apex One and OfficeScan Products,"An improper access control vulnerability exists in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1. This flaw may allow an unauthenticated user to access sensitive information regarding x86 agent hotfixes, potentially exposing critical security updates to attackers. Organizations using these products should assess their configurations and implement necessary patches to mitigate potential risks. It is essential to monitor security advisories from Trend Micro for further updates.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:45.000Z,0
CVE-2021-25238,https://securityvulnerability.io/vulnerability/CVE-2021-25238,Improper Access Control Vulnerability in Trend Micro OfficeScan and Worry-Free Business Security,"An improper access control vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow unauthorized users to access sensitive information regarding an agent's managing port. If exploited, this vulnerability can lead to potential security breaches, empowering attackers to gain insights that could facilitate more significant attacks on the security infrastructure.",Trend Micro,"Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.009720000438392162,false,,false,false,false,,,false,false,,2021-02-04T19:36:45.000Z,0
CVE-2021-25236,https://securityvulnerability.io/vulnerability/CVE-2021-25236,Server-Side Request Forgery Vulnerability in Trend Micro OfficeScan and Worry-Free Business Security,"Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 are affected by a server-side request forgery vulnerability that allows unauthenticated users to query the system and potentially locate online agents. This makes it possible for malicious actors to exploit configuration weaknesses and gain insights that should be restricted, thus heightening the risks for organizations utilizing these products.",Trend Micro,"Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.010320000350475311,false,,false,false,false,,,false,false,,2021-02-04T19:36:43.000Z,0
CVE-2021-25235,https://securityvulnerability.io/vulnerability/CVE-2021-25235,Improper Access Control in Trend Micro Apex One and OfficeScan Products,"An improper access control vulnerability exists in Trend Micro Apex One, both on-premises and SaaS versions, as well as OfficeScan XG SP1. This flaw could enable unauthorized users to access and obtain information regarding a content inspection configuration file, potentially exposing sensitive configurations and exposing systems to further vulnerabilities.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.3,MEDIUM,0.008340000174939632,false,,false,false,false,,,false,false,,2021-02-04T19:36:43.000Z,0
CVE-2021-25234,https://securityvulnerability.io/vulnerability/CVE-2021-25234,"Improper Access Control in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security","An improper access control vulnerability in Trend Micro solutions allows unauthenticated users to access sensitive information related to notification configuration files. This could potentially lead to unauthorized insight into security settings, compromising the integrity of the affected products, including Apex One, OfficeScan XG, and Worry-Free Business Security.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.02133999951183796,false,,false,false,false,,,false,false,,2021-02-04T19:36:42.000Z,0
CVE-2021-25233,https://securityvulnerability.io/vulnerability/CVE-2021-25233,Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan,"An improper access control vulnerability exists in Trend Micro's security solutions, including Apex One and OfficeScan, that may allow an unauthenticated user to access sensitive configuration download files. This could lead to unauthorized sharing of specific system settings, potentially affecting overall security governance and customer trust. Users of affected versions are advised to apply necessary patches and update their systems to mitigate such risks.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.02133999951183796,false,,false,false,false,,,false,false,,2021-02-04T19:36:41.000Z,0
CVE-2021-25232,https://securityvulnerability.io/vulnerability/CVE-2021-25232,Improper Access Control in Trend Micro Apex One and OfficeScan XG,Trend Micro Apex One and OfficeScan XG SP1 are affected by an improper access control vulnerability that can potentially allow an unauthenticated attacker access to sensitive information about the underlying SQL database. This flaw could expose critical data and increase the risk of further exploitation. Organizations using these products should evaluate their security posture and apply the necessary patches to mitigate the risk.,Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.3,MEDIUM,0.008349999785423279,false,,false,false,false,,,false,false,,2021-02-04T19:36:41.000Z,0
CVE-2021-25231,https://securityvulnerability.io/vulnerability/CVE-2021-25231,"Improper Access Control in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security","An improper access control vulnerability exists in various Trend Micro products, including Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1. This vulnerability can be exploited by an unauthenticated user to gain unauthorized access to sensitive information about hotfix history files, potentially leading to further security breaches. Organizations using these products should assess their systems and implement necessary mitigations to protect against unauthorized information disclosure.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:40.000Z,0
CVE-2021-25230,https://securityvulnerability.io/vulnerability/CVE-2021-25230,Access Control Flaw in Trend Micro Apex One and OfficeScan XG,An improper access control vulnerability in Trend Micro's Apex One and OfficeScan XG SP1 could allow unauthorized users to gain insights into the contents of a scan connection exception file. This weakness highlights the importance of robust access control measures to protect sensitive information and prevent unauthorized access. Organizations using these products should evaluate their security settings and ensure appropriate safeguards are in place.,Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.3,MEDIUM,0.008349999785423279,false,,false,false,false,,,false,false,,2021-02-04T19:36:39.000Z,0
CVE-2021-25228,https://securityvulnerability.io/vulnerability/CVE-2021-25228,Improper Access Control in Trend Micro Apex One and OfficeScan Products,"An improper access control vulnerability exists in Trend Micro's Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1. This flaw may allow unauthenticated users to access sensitive information related to hotfix history, potentially enabling unauthorized insights into the security posture and updates of the affected systems. Organizations using these products should implement the latest security patches to mitigate risks associated with this vulnerability.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Worry-free Business Security",5.3,MEDIUM,0.01193000003695488,false,,false,false,false,,,false,false,,2021-02-04T19:36:38.000Z,0
CVE-2021-25229,https://securityvulnerability.io/vulnerability/CVE-2021-25229,Improper Access Control in Trend Micro Apex One and OfficeScan XG Products,"An improper access control vulnerability exists in Trend Micro Apex One and OfficeScan XG that could permit an unauthenticated user to access sensitive information regarding the database server. This flaw poses significant risks as it may allow attackers to exploit database configurations, potentially leading to unauthorized access and abuse of the system. It is crucial for users of these products to address the vulnerability promptly and ensure their data remains secure.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.3,MEDIUM,0.008349999785423279,false,,false,false,false,,,false,false,,2021-02-04T19:36:38.000Z,0
CVE-2020-28582,https://securityvulnerability.io/vulnerability/CVE-2020-28582,Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1,"An improper access control vulnerability in Trend Micro Apex One and OfficeScan XG SP1 enables unauthenticated users to connect to the product server, potentially exposing sensitive information such as the number of managed agents. This vulnerability highlights the importance of ensuring robust access control mechanisms are in place to protect against unintended data exposure.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan",5.3,MEDIUM,0.00953999999910593,false,,false,false,false,,,false,false,,2020-12-01T18:40:39.000Z,0