CVE-2021-36741

moderate-risk
Published 2021-07-29

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.

Do I need to act?

-
0.66% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Trendmicro

References (9)

Broken Link https://success.trendmicro.com/jp/solution/000287796
Broken Link https://success.trendmicro.com/jp/solution/000287815
Broken Link https://success.trendmicro.com/solution/000287819
Broken Link https://success.trendmicro.com/solution/000287820
Broken Link https://success.trendmicro.com/jp/solution/000287796
Broken Link https://success.trendmicro.com/jp/solution/000287815
Broken Link https://success.trendmicro.com/solution/000287819
Broken Link https://success.trendmicro.com/solution/000287820
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...
49
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 9/34 · Low
Exposure 10/34 · Low