CVE-2021-28646

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) Trend Micro OfficeScan XG SP1 (affected versions not specified)

Description The issue is related to insecure file permissions, which could allow a local attacker to take control of a specific log file on affected installations. It is also associated with insufficient permission assignment checks for a critical resource, potentially leading to a denial of service.

Recommendations For Trend Micro Apex One, consider restricting access to critical log files until a fix is available. For Trend Micro Apex One as a Service, restrict access to critical log files until a fix is available. For Trend Micro OfficeScan XG SP1, restrict access to critical log files until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.