PT-2021-3842 · Trend Micro · Trend Micro Worry-Free Business Security+3
Published: 2021-07-28 · Updated: 2025-10-31
CVE-2021-36741
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex One versions prior to the fixed version
Trend Micro Apex One as a Service versions prior to the fixed version
Trend Micro OfficeScan XG versions prior to the fixed version
Trend Micro Worry-Free Business Security 10.0 SP1 and earlier
Description
An improper input validation vulnerability in Trend Micro products allows a remote attacker to upload arbitrary files on affected installations. To exploit this vulnerability, the attacker must first obtain the ability to log on to the product's management console. By uploading a specially crafted file, a remote attacker may be able to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For Trend Micro Apex One, update to a version that includes the fix for this vulnerability.
For Trend Micro Apex One as a Service, update to a version that includes the fix for this vulnerability.
For Trend Micro OfficeScan XG, update to a version that includes the fix for this vulnerability.
For Trend Micro Worry-Free Business Security, update to a version later than 10.0 SP1.
As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Apex One
Trend Micro Apex One as a Service
Trend Micro OfficeScan XG
Trend Micro Worry-Free Business Security