JVNVU#90091573: Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises

Overview

Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.

Products Affected

Apex One On Premise (2019)
Apex One as a Service
Worry-Free Business Security 10 SP1
Worry-Free Business Security Services

Description

Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.

Impact

A local authenticated attacker may escalate privileges and delete arbitrary files where the agent is installed.
For more information, refer to the information provided by the developer.

Solution

Apply the Patch
Apply the appropriate patch according to the information provided by the developer.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability
	SECURITY BULLETIN: Trend Micro Worry-Free Business Security Incorrect Permission Assignment Denial-of-Service Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#90091573 Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises