JVNDB-2022-001380

Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)

Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Trend Micro, Inc.

• Apex One On Premise (2019)
• Apex One as a Service
• Worry-Free Business Security 10.0 SP1
• Worry-Free Business Security Services

• Apex One On Premise (2019)

* Privilege escalation due to uncontrolled search path element
* Privilege escalation due to unnecessary privilege
* Privilege escalation due to incorrect permission assignment
* Privilege escalation due to stack-based buffer overflow
* CGI program crash due to NULL pointer dereference
* Denial-of-service (DoS) due to reachable assertion
* Denial-of-service (DoS) due to link following vulnerability
* Privilege escalation due to link following vulnerability
* Privilege escalation due to origin validation error vulnerability
* Server crash due to out-of-bounds read
* Denial-of-service (DoS) due to resource exhaustion attack


• Apex One as a Service

* Privilege escalation due to uncontrolled search path element
* Privilege escalation due to unnecessary privilege
* Privilege escalation due to incorrect permission assignment
* Privilege escalation due to stack-based buffer overflow
* CGI program crash due to NULL pointer dereference
* Denial-of-service (DoS) due to reachable assertion
* Denial-of-service (DoS) due to link following vulnerability
* Privilege escalation due to link following vulnerability
* Denial-of-service (DoS) due to resource exhaustion attack


• Worry-Free Business Security 10.0 SP1

* Privilege escalation due to unnecessary privilege
* Privilege escalation due to stack-based buffer overflow
* CGI program crash due to NULL pointer dereference
* Denial-of-service (DoS) due to link following vulnerability
* Privilege escalation due to link following vulnerability
* Server crash due to out-of-bounds read
* Denial-of-service (DoS) due to resource exhaustion attack


• Worry-Free Business Security Services

* Privilege escalation due to unnecessary privilege
* Denial-of-service (DoS) due to link following vulnerability
* Privilege escalation due to link following vulnerability
* Denial-of-service (DoS) due to resource exhaustion attack

[Update the software]
Update the software to the latest version according to the information provided by the developer.

Trend Micro, Inc.

• Trend Micro Incorporated : SECURITY BULLETIN: October 14, 2021, Security Bulletin for Trend Micro Apex One and Apex One as a Service
• Trend Micro Incorporated : SECURITY BULLETIN: October 14, 2021, Security Bulletin for Trend Micro Worry-Free Business Security and Worry-Free Business Security Services
• Trend Micro Incorporated : SECURITY BULLETIN: December 2021 Security Bulletin for Trend Micro Apex One and Worry-Free Business Security
• Trend Micro Incorporated : SECURITY BULLETIN: Trend Micro Worry-Free Business Security Server Out-Of-Bounds Read Information Disclosure Vulnerability
• Trend Micro Incorporated : SECURITY BULLETIN: February 2022 Security Bulletin for Trend Micro Apex One
• Trend Micro Incorporated : SECURITY BULLETIN: February 2022 Security Bulletin for Trend Micro Worry-Free Business Security

1. JVN : JVNVU#96994445

• [2022/03/02]
    Web page was published