CVE-2021-32463

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (SaaS) (affected versions not specified) Trend Micro Worry-Free Business Security version 10.0 SP1 Trend Micro Worry-Free Services (affected versions not specified)

Description: An incorrect permission assignment denial-of-service issue could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue.

Recommendations: For Trend Micro Apex One, update to a version that includes a fix for the incorrect permission assignment issue. For Trend Micro Apex One as a Service (SaaS), contact the service provider for guidance on mitigating the issue. For Trend Micro Worry-Free Business Security version 10.0 SP1, update to a newer version that addresses the incorrect permission assignment issue. For Trend Micro Worry-Free Services, restrict access to sensitive files and system privileges until a fix is available.