PT-2021-16486 · Trend Micro · Trend Micro Apex One+2
Jay Lo
+1
·
Published
2021-01-29
·
Updated
2021-02-05
·
CVE-2021-25248
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Trend Micro Apex One (on-prem and SaaS)
OfficeScan XG SP1
Worry-Free Business Security versions 10.0 SP1 and Services
Description:
An out-of-bounds read information disclosure issue could allow an attacker to disclose sensitive information about a named pipe. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue.
Recommendations:
For Trend Micro Apex One (on-prem and SaaS), update to a version that includes a fix for this issue.
For OfficeScan XG SP1, update to a version that includes a fix for this issue.
For Worry-Free Business Security versions 10.0 SP1 and Services, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to named pipes to minimize the risk of exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Officescan Xg
Trend Micro Apex One
Worry-Free Business Security