Back to KEVs

CVE-2021-36742

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1...

Basic Information

CVE State
PUBLISHED
Reserved Date
July 14, 2021
Published Date
July 29, 2021
Last Updated
February 06, 2025
Vendor
Trend Micro
Product
Trend Micro Apex One, Trend Micro OfficeScan, Trend Micro Worry-Free Business Security
Description
A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://success.trendmicro.com/solution/000287819 https://success.trendmicro.com/solution/000287820 https://success.trendmicro.com/jp/solution/000287796 https://success.trendmicro.com/jp/solution/000287815

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC