Published:2021/05/31 Last Updated:2022/03/16
JVNVU#93332929
Multiple security updates for multiple Trend Micro products (May 2021)
Overview
Trend Micro Incorporated has released multiple security updates for multiple Trend Micro products.
Products Affected
- OfficeScan XG SP1
- Apex One On Premise (2019)
- Apex One SaaS
- Trend Micro Antivirus for MAC 2021 (v11)
- Trend Micro Antivirus for MAC 2020 (v10.5)
- Home Network Security versions 6.5.599 and earlier
- HouseCall for Home Networks versions 5.3.1179 and earlier
- InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2
Description
Trend Micro Incorporated has released multiple security updates for multiple Trend Micro products.
Impact
- OfficeScan XG SP1, Apex One On Premise (2019), Apex One SaaS
- Privilege escalation due to improper access control
- Privilege escalation due to incorrect permission assignment
- A specific log file modification due to insecure file permissions
- Trend Micro Antivirus for MAC 2021 (v11), Trend Micro Antivirus for MAC 2020 (v10.5)
- Privilege escalation due to improper access control
- Home Network Security
- Denial-of-service (DoS)
- HouseCall for Home Networks
- Arbitrary code execution due to privilege escalation
- InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2
- CSRF protection bypass
- Tamper with the web interface due to cross-site scripting
- Unauthorized access to the web interface due to authorization bypass
- Privilege escalation due to authentication bypass and SSRF
- Arbitrary code execution due to CSRF protection and authentication bypass
- Arbitrary command execution
Solution
Update the Software
Apply the appropriate update according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Update History
- 2022/03/16
- Fixed the typo in the title.