Rewterz Threat Advisory – CVE-2020-17523 – Apache Shiro security bypass
February 2, 2021Rewterz Threat Alert – AZORult Malware – IOC’s
February 2, 2021Rewterz Threat Advisory – CVE-2020-17523 – Apache Shiro security bypass
February 2, 2021Rewterz Threat Alert – AZORult Malware – IOC’s
February 2, 2021Severity
High
Analysis Summary
CVE-2021-25249
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by out-of-bounds write within TmCCSF.exe. An attacker could exploit this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Impact
Privilege escalation
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One SaaS
Remediation
Refer to Trend Micro Security Bulletin: 000284202 for patch, upgrade or suggested workaround information.