CVE-2021-36742

HIGH KEV

Trendmicro Officescan - Improper Input Validation

Title source: rule

Description

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

References (5)

Scores

CVSS v3 7.8
EPSS 0.0143
EPSS Percentile 80.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-08-11
InTheWild.io 2021-07-28
ENISA EUVD EUVD-2021-23332
CWE
CWE-20
Status published
Products (4)
trendmicro/apex_one 2019
trendmicro/officescan xg sp1
trendmicro/officescan_business_security 10.0 sp1
trendmicro/worry-free_business_security 10.0 sp1
Published Jul 29, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026