Improper Input Validation Vulnerability in Trend Micro Apex One Products
CVE-2021-36741

8.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex One; Trend Micro Officescan; Trend Micro Worry-free Business Security
Vendor: CVE Published:; 29 July 2021

🔔 Create Trend Micro Vulnerability Alert

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2021-36741?

An improper input validation issue exists in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1. This vulnerability allows remote attackers, after gaining access to the management console, to upload arbitrary files to affected installations, potentially leading to further exploitation. Proper management and access controls are essential to mitigate this risk.

CISA has reported CVE-2021-36741

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-36741 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch