Vulnerabilities > Trendmicro > Worry Free Business Security Services

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2023-41179 Code Injection vulnerability in Trendmicro products
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-94
7.2
2022-07-30 CVE-2022-36336 Link Following vulnerability in Trendmicro products
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-24678 Resource Exhaustion vulnerability in Trendmicro products
An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
network
low complexity
trendmicro CWE-400
7.5
2022-02-24 CVE-2022-24679 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-24680 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-01-10 CVE-2021-44024 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
7.1
2022-01-10 CVE-2021-45231 Link Following vulnerability in Trendmicro products
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.
local
low complexity
trendmicro CWE-59
7.8
2022-01-10 CVE-2021-45440 Improper Privilege Management vulnerability in Trendmicro products
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-269
7.8
2022-01-10 CVE-2021-45441 Origin Validation Error vulnerability in Trendmicro products
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-346
7.8
2022-01-10 CVE-2021-45442 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
7.1