admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-30 02:01:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Trend Micro CVE modify and new

Browse Source 
Modify (add product and links) to CVE-2020-24556 through 24559. Add CVE-2021-28648 as new.
This commit is contained in:
jpattrendmicro 2021-04-19 12:50:16 -07:00
parent cfbc6c59aa
commit e223357f21
5 changed files with 401 additions and 296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
2020/24xxx/CVE-2020-24556.json
View File

@ -1,82 +1,97 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
},
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "XG SP1"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000263632"
},
{
"url": "https://success.trendmicro.com/solution/000263633",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000263633"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2020-24556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Apex One",
"version" : {
"version_data" : [
{
"version_value" : "2009 (on premise), SaaS"
}
]
}
},
{
"product_name" : "Trend Micro OfficeScan",
"version" : {
"version_data" : [
{
"version_value" : "XG SP1"
}
]
}
},
{
"product_name" : "Trend Micro Worry-Free Business Security",
"version" : {
"version_data" : [
{
"version_value" : "10 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://success.trendmicro.com/solution/000263632",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000263632"
},
{
"url" : "https://success.trendmicro.com/solution/000263633",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000263633"
},
{
"url" : "https://success.trendmicro.com/solution/000267260",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000267260"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/",
"refsource" : "MISC",
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1093/"
}
]
}
}

147
2020/24xxx/CVE-2020-24557.json
View File

@ -1,67 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000263632"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2020-24557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Apex One",
"version" : {
"version_data" : [
{
"version_value" : "2009 (on premise), SaaS"
}
]
}
},
{
"product_name" : "Trend Micro Worry-Free Business Security ",
"version" : {
"version_data" : [
{
"version_value" : "10.0 SP1"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://success.trendmicro.com/solution/000263632",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000263632"
},
{
"url" : "https://success.trendmicro.com/solution/000267260",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000267260"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/",
"refsource" : "MISC",
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1094/"
}
]
}
}

147
2020/24xxx/CVE-2020-24558.json
View File

@ -1,67 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in an Trend Micro Apex One dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000263632"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2020-24558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Apex One",
"version" : {
"version_data" : [
{
"version_value" : "2009 (on premise), SaaS"
}
]
}
},
{
"product_name" : "Trend Micro Worry-Free Business Security",
"version" : {
"version_data" : [
{
"version_value" : "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://success.trendmicro.com/solution/000263632",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000263632"
},
{
"url" : "https://success.trendmicro.com/solution/000267260",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000267260"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/",
"refsource" : "MISC",
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1095/"
}
]
}
}

147
2020/24xxx/CVE-2020-24559.json
View File

@ -1,67 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-24559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_value": "2009 (on premise), SaaS"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro Apex One on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard Link Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/solution/000263632",
"refsource": "MISC",
"name": "https://success.trendmicro.com/solution/000263632"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2020-24559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Apex One",
"version" : {
"version_data" : [
{
"version_value" : "2009 (on premise), SaaS"
}
]
}
},
{
"product_name" : "Trend Micro Worry-Free Business Security",
"version" : {
"version_data" : [
{
"version_value" : "10.0 SP1, Services (SaaS)"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hard Link Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://success.trendmicro.com/solution/000263632",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000263632"
},
{
"url" : "https://success.trendmicro.com/solution/000267260",
"refsource" : "MISC",
"name" : "https://success.trendmicro.com/solution/000267260"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/",
"refsource" : "MISC",
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1096/"
}
]
}
}

79
2021/28xxx/CVE-2021-28648.json
View File

@ -1,18 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28648",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2021-28648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Antivirus for Mac",
"version" : {
"version_data" : [
{
"version_value" : "2021 (11), 2020 (10.5)"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10293"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-420/"
}
]
}
}