QwikSec

Security Database

CVE

CWE

Training

CVE-2021-42104

Published: Oct 21, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42105, 42106 and 42107.

Vendor	Product	Versions
Trend Micro	Trend Micro Apex One	affected `2019, SaaS`
Trend Micro	Trend Micro Worry-Free Business Security	affected `10.0 SP1, Services (SaaS)`

References

https://success.trendmicro.com/solution/000289229

x_refsource_MISC

https://success.trendmicro.com/solution/000289230

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1216/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.