CVE-2021-25248
MEDIUMTrendmicro Trend Micro Apex One, OfficeScan, and Worry-Free Business Security - Information Disclosure
Title source: llmDescription
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000284202
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000284205
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000284206
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-118/
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (3)
trendmicro/apex_one
2019
trendmicro/officescan
xg sp1
trendmicro/worry-free_business_security
10.0 sp1
Published
Feb 04, 2021
Tracked Since
Feb 18, 2026