JVNDB-2021-002279

[Japanese]
JVNDB-2021-002279
Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
Overview
Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc. Apex One 2019 Apex One SaaS Worry-Free Business Security 10 SP1 Worry-Free Business Security Services

Impact
A local authenticated attacker may escalate privileges and delete arbitrary files where the agent is installed. For more information, refer to the information provided by the developer.
Solution
[Apply the Patch] Apply the appropriate patch according to the information provided by the developer.
Vendor Information
Trend Micro, Inc. Trend Micro : SECURITY BULLETIN: Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability Trend Micro : SECURITY BULLETIN: Trend Micro Worry-Free Business Security Incorrect Permission Assignment Denial-of-Service Vulnerability
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVNVU#90091573
Revision History
[2021/08/19] Web page was published

Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises