cvelist/2021/28xxx/CVE-2021-28645.json

{
	"CVE_data_meta" : {
		"ASSIGNER" : "security@trendmicro.com",
		"ID" : "CVE-2021-28645",
		"STATE" : "PUBLIC"
	},
	"affects" : {
		"vendor" : {
			"vendor_data" : [
				{
					"product" : {
						"product_data" : [
							{
								"product_name" : "Trend Micro Apex One\r\n",
								"version" : {
									"version_data" : [
										{
											"version_value" : "2019, SaaS"
										}
									]
								}
							},
							{
								"product_name" : "Trend Micro OfficeScan",
								"version" : {
									"version_data" : [
										{
											"version_value" : "XG SP1"
										}
									]
								}
							}
						]
					},
					"vendor_name" : "Trend Micro"
				}
			]
		}
	},
	"data_format" : "MITRE",
	"data_type" : "CVE",
	"data_version" : "4.0",
	"description" : {
		"description_data" : [
			{
				"lang" : "eng",
				"value" : "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
			}
		]
	},
	"problemtype" : {
		"problemtype_data" : [
			{
				"description" : [
					{
						"lang" : "eng",
						"value" : "Incorrect Permission Assignment"
					}
				]
			}
		]
	},
	"references" : {
		"reference_data" : [
			{
				"url" : "https://success.trendmicro.com/solution/000286019"
			},
			{
				"url" : "https://success.trendmicro.com/solution/000286157"
			},
			{
				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"
			}
		]
	}
}
"-Synchronized-Data." 2021-03-16 21:00:47 +00:00			`{`
Trend Micro 04122021 Submission Trend Micro 04122021 Submission 2021-04-12 15:13:04 -07:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "security@trendmicro.com",`
			`"ID" : "CVE-2021-28645",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Trend Micro Apex One\r\n",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "2019, SaaS"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name" : "Trend Micro OfficeScan",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "XG SP1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Trend Micro"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Incorrect Permission Assignment"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
			`"url" : "https://success.trendmicro.com/solution/000286019"`
			`},`
			`{`
			`"url" : "https://success.trendmicro.com/solution/000286157"`
			`},`
			`{`
			`"url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-402/"`
			`}`
			`]`
			`}`
			`}`