An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/000284205 | Patch Vendor Advisory |
https://success.trendmicro.com/solution/000284206 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-115/ | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/000284202 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2021-02-04 12:15
Updated : 2021-02-05 08:30
NVD link : CVE-2021-25242
Mitre link : CVE-2021-25242
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
trendmicro
- officescan
- apex_one
- worry-free_business_security
microsoft
- windows