CVE-2021-25246

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) Trend Micro OfficeScan XG SP1 (affected versions not specified) Trend Micro Worry-Free Business Security (affected versions not specified)

Description: An improper access control information disclosure issue could allow an unauthenticated user to create a bogus agent on an affected server. This bogus agent could then be used to make valid configuration queries.

Recommendations: For Trend Micro Apex One, update to a version that includes a fix for this issue. For Trend Micro Apex One as a Service, update to a version that includes a fix for this issue. For Trend Micro OfficeScan XG SP1, update to a version that includes a fix for this issue. For Trend Micro Worry-Free Business Security, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to configuration queries until a patch is available.