CVE-2021-28646

MEDIUM

Trendmicro Apex One - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000286157
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000286019

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 19.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-732
Status published
Products (2)
trendmicro/apex_one 2019 (2 CPE variants)
trendmicro/officescan xg sp1
Published Apr 13, 2021
Tracked Since Feb 18, 2026