PT-2021-3228 · Trend Micro · Trend Micro OfficeScan XG SP1 +2

Lynn And Lays

Published: 2021-04-12
Updated: 2021-04-14
CVE-2021-28645

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro Apex One versions (affected versions not specified)
Trend Micro Apex One as a Service versions (affected versions not specified)
Trend Micro OfficeScan XG SP1 versions (affected versions not specified)

Description

The issue is related to an incorrect permission assignment in the software, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability is associated with insufficient permission checks for a critical resource, which can be exploited to elevate privileges.

Recommendations

For Trend Micro Apex One, apply the necessary patches or updates to fix the incorrect permission assignment issue.
For Trend Micro Apex One as a Service, apply the necessary patches or updates to fix the incorrect permission assignment issue.
For Trend Micro OfficeScan XG SP1, apply the necessary patches or updates to fix the incorrect permission assignment issue.
As a temporary workaround, consider restricting access to critical resources until a patch is available.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2021-02929
CVE-2021-28645
ZDI-21-402

Affected Products

Trend Micro Apex One
Trend Micro Apex One as a Service
Trend Micro OfficeScan XG SP1