返回 CVE 浏览器

CVE-2021-36742

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score61.2460%

EPSS Percentile96.78th

Published2021年7月29日

Last Modified2025年10月31日

Vulnerability Description

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected Platforms (CPE)

📦

Trendmicro

Officescan

= xg

📦

Trendmicro

Officescan Business Security

= 10.0

📦

Trendmicro

Apex One

= 2019

📦

Trendmicro

Worry Free Business Security

= 10.0

References & Advisories

🔗 https://success.trendmicro.com/jp/solution/000287796

🔗 https://success.trendmicro.com/jp/solution/000287815

🔗 https://success.trendmicro.com/solution/000287819

🔗 https://success.trendmicro.com/solution/000287820

🔗 https://success.trendmicro.com/jp/solution/000287796

🔗 https://success.trendmicro.com/jp/solution/000287815

🔗 https://success.trendmicro.com/solution/000287819

🔗 https://success.trendmicro.com/solution/000287820

相关漏洞威胁

CVE-2007-345410.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote atta...

CVE-2007-345510.0

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the passwor...

CVE-2006-138110.0

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local use...

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...