Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 17 |
CVE-ID | CVE-2021-25228 CVE-2021-25234 CVE-2021-25243 CVE-2021-25242 CVE-2021-25240 CVE-2021-25239 CVE-2021-25237 CVE-2021-25235 CVE-2021-25233 CVE-2021-25232 CVE-2021-25231 CVE-2021-25230 CVE-2021-25229 CVE-2021-25241 CVE-2021-25246 CVE-2021-25248 CVE-2021-25249 |
CWE-ID | CWE-284 CWE-918 CWE-125 CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Apex One (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
Updated: 03.02.2021
Updated vulnerability descriptions, provided links to ZDI.
EUVDB-ID: #VU50101
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25228
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-103/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50107
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25234
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-109/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50113
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25243
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-116/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50112
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25242
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-115/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50111
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25240
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-113/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50110
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25239
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-112/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50109
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25237
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-111/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50108
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25235
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-110/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50106
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25233
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-108/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50105
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25232
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-107/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50104
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25231
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-106/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50103
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25230
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-105/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50102
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25229
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents, such as hotfix information, logs and hostname.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-104/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50114
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25241
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the web console on port 4343/TCP. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to create a command script to locate online agents and map out the network topology that the server can communicate with.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-114/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50115
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25246
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and create a bogus agent on an affected server that could then be used to make valid configuration queries.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-117/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50116
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-25248
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within TmCCSF.exe. A local user can run specially crafted code on the server to trigger an out-of-bounds read error and disclose sensitive information about a named pipe.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-118/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50117
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-25249
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within TmCCSF.exe. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apex One: 2019
External links
https://success.trendmicro.com/solution/000284202
https://www.zerodayinitiative.com/advisories/ZDI-21-119/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.