Insecure File Permissions in Trend Micro Apex One and OfficeScan XG
CVE-2021-28646

5.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex One; Trend Micro Officescan
Vendor: CVE Published:; 13 April 2021

Summary

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service, and OfficeScan XG SP1 could enable a local attacker to gain unauthorized control over specific log files within the affected installations, posing a significant security risk. It is crucial for organizations using these products to apply necessary patches and updates to mitigate potential threats.

Affected Version(s)

Trend Micro Apex One 2019, SaaS

Trend Micro OfficeScan XG SP1

References

https://success.trendmicro.com/solution/000286019

x_refsource_MISC

https://success.trendmicro.com/solution/000286157

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 13, 2021
Vulnerability Reserved
Mar 16, 2021