CVE-2021-36742

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One version 10.0 SP1 Trend Micro OfficeScan XG version 10.0 SP1 Trend Micro Worry-Free Business Security version 10.0 SP1

Description The issue is related to improper input validation, which can allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability is associated with deficiencies in access control and can be exploited by running a specially crafted program, potentially allowing the execution of arbitrary code.

Recommendations For Trend Micro Apex One version 10.0 SP1: Update to a version that includes the fix for this issue. For Trend Micro OfficeScan XG version 10.0 SP1: Update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security version 10.0 SP1: Update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to low-privileged code execution on the target system to minimize the risk of exploitation.