Improper Input Validation in Trend Micro Apex One and OfficeScan Products
CVE-2021-36742
Key Information:
- Vendor
Trend Micro
- Vendor
- CVE Published:
- 29 July 2021
Badges
What is CVE-2021-36742?
An improper input validation vulnerability exists in various Trend Micro products, including Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1. This flaw allows local attackers who possess the capability to execute low-privileged code on the targeted system to escalate their privileges. Effective remediation strategies should be implemented to safeguard against potential exploitation of this vulnerability.
CISA has reported CVE-2021-36742
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-36742 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Trend Micro Apex One 2019, SaaS
Trend Micro OfficeScan XG SP1
Trend Micro Worry-Free Business Security 10.0 SP1