Back to CVE Browser

CVE-2021-36741

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score58.6470%

EPSS Percentile96.89th

PublishedJul 29, 2021

Last ModifiedOct 31, 2025

Vulnerability Description

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.

Affected Platforms (CPE)

📦

Trendmicro

Officescan

= xg

📦

Trendmicro

Officescan Business Security

= 10.0

📦

Trendmicro

Apex One

= 2019

📦

Trendmicro

Worry Free Business Security

= 10.0

References & Advisories

🔗 https://success.trendmicro.com/jp/solution/000287796

🔗 https://success.trendmicro.com/jp/solution/000287815

🔗 https://success.trendmicro.com/solution/000287819

🔗 https://success.trendmicro.com/solution/000287820

🔗 https://success.trendmicro.com/jp/solution/000287796

🔗 https://success.trendmicro.com/jp/solution/000287815

🔗 https://success.trendmicro.com/solution/000287819

🔗 https://success.trendmicro.com/solution/000287820

Related Vulnerabilities

CVE-2007-345410.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta...

CVE-2007-345510.0

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the passwor...

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...