Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2021-44024 CVE-2021-45231 CVE-2021-45440 CVE-2021-45441 |
CWE-ID | CWE-59 CWE-250 CWE-345 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Apex One (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU59107
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-44024
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Apex One: CP B2049 - 2019
https://success.trendmicro.com/solution/000289996
https://www.zerodayinitiative.com/advisories/ZDI-22-014/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59108
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45231
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with arbitrary content. Successful exploitation of the vulnerability may result in execution of arbitrary code with elevated privileges.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Apex One: CP B2049 - 2019
https://success.trendmicro.com/solution/000289996
https://www.zerodayinitiative.com/advisories/ZDI-22-013/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59109
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45440
CWE-ID:
CWE-250 - Execution with Unnecessary Privileges
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to execution of code with unnecessary privileges. A local low-privileged user can run a specially crafted program to abuse an impersonation privilege and execute arbitrary code with elevated privileges.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Apex One: CP B2049 - 2019
https://success.trendmicro.com/solution/000289996
https://www.zerodayinitiative.com/advisories/ZDI-22-016/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59110
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45441
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an origin validation error. A local user can create a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.
Mitigation: Install updates from the vendor's website.
Vulnerable software versions:
Apex One: CP B2049 - 2019
https://success.trendmicro.com/solution/000289996
https://www.zerodayinitiative.com/advisories/ZDI-22-017/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.