ID CVE-2021-36741Type cveReporter security@trendmicro.comModified 2021-08-19T14:40:00
Description
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
{"id": "CVE-2021-36741", "bulletinFamily": "NVD", "title": "CVE-2021-36741", "description": "An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.", "published": "2021-07-29T20:15:00", "modified": "2021-08-19T14:40:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36741", "reporter": "security@trendmicro.com", "references": ["https://success.trendmicro.com/jp/solution/000287815", "https://success.trendmicro.com/solution/000287819", "https://success.trendmicro.com/solution/000287820", "https://success.trendmicro.com/jp/solution/000287796"], "cvelist": ["CVE-2021-36741"], "immutableFields": [], "type": "cve", "lastseen": "2021-08-20T07:54:37", "edition": 4, "viewCount": 53, "enchantments": {"dependencies": {"references": [], "modified": "2021-08-20T07:54:37", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-08-20T07:54:37", "rev": 2}, "twitter": {"counter": 4, "modified": "2021-07-31T07:51:41", "tweets": [{"link": "https://twitter.com/vuldb/status/1421016220745097226", "text": "Trend Micro Apex One Management Console input validation [CVE-2021-36741] https://t.co/hcU8O2p24o?amp=1"}, {"link": "https://twitter.com/vuldb/status/1421016220745097226", "text": "Trend Micro Apex One Management Console input validation [CVE-2021-36741] https://t.co/hcU8O2p24o?amp=1"}, {"link": "https://twitter.com/ripjyr/status/1421256338944970754", "text": "\u307e\u3063\u3061\u3083\u3060\u3044\u3075\u304f\u306e\u65e5\u8a18 \uff1a\u3010\u6ce8\u610f\u559a\u8d77\u3011\u5f0a\u793e\u88fd\u54c1\u306e\u8106\u5f31\u6027 (CVE-2021-36741,CVE-2021-36742) \u3092\u60aa\u7528\u3057\u305f\u653b\u6483\u3092\u78ba\u8a8d\u3057\u305f\u3053\u3068\u306b\u3088\u308b\u4fee\u6b63\u30d7\u30ed\u30b0\u30e9\u30e0\u9069\u7528\u306e\u304a\u9858\u3044\uff1a\u30b5\u30dd\u30fc\u30c8\u60c5\u5831 : \u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed\uff20 \u8106\u5f31\u6027\u60c5\u5831\u304c\u51fa\u3066\u3044\u3066\u653b\u6483\u3067\u3082\u5229\u7528\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u8981\u6ce8\u610f"}, {"link": "https://twitter.com/eyeTSystems/status/1421372412466188289", "text": "CVE-2021-36741 An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note:.\u2026 https://t.co/Yzq31Tcn8m?amp=1"}]}, "vulnersScore": 4.4}, "cpe": ["cpe:/a:trendmicro:apex_one:2019", "cpe:/a:trendmicro:officescan:xg", "cpe:/a:trendmicro:worry-free_business_security:10.0", "cpe:/a:trendmicro:officescan_business_security:10.0"], "affectedSoftware": [{"cpeName": "trendmicro:worry-free_business_security", "name": "trendmicro worry-free business security", "operator": "eq", "version": "10.0"}, {"cpeName": "trendmicro:officescan_business_security", "name": "trendmicro officescan business security", "operator": "eq", "version": "10.0"}, {"cpeName": "trendmicro:officescan", "name": "trendmicro officescan", "operator": "eq", "version": "xg"}, {"cpeName": "trendmicro:apex_one", "name": "trendmicro apex one", "operator": "eq", "version": "2019"}], "affectedConfiguration": [{"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "N/A", "refsource": "N/A", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000287819"}, {"name": "N/A", "refsource": "N/A", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/jp/solution/000287796"}, {"name": "N/A", "refsource": "N/A", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/jp/solution/000287815"}, {"name": "N/A", "refsource": "N/A", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000287820"}], "cpe23": ["cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*", "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*"], "cwe": ["CWE-20"], "scheme": null}
{}
