October 20, 2021
Severity
Medium
Analysis Summary
CVE-2021-42108; CVE-2021-42107; CVE-2021-42106; CVE-2021-42105; CVE-2021-42104; CVE-2021-42103; CVE-2021-42102; CVE-2021-42101
Trend Micro Apex could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unnecessary privilege flaw in the Security Agent. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2021-42012
Trend Micro Apex One and Worry-Free Business Security could allow a local authenticated attacker to gain elevated privileges on the system, caused by a stack-based buffer overflow. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2021-42011
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect permission assignment flaw in the ApexOne Security Agent. By using a specially-crafted .DLL file, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Privilege Escalation
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Apex One SaaS
- Trend Micro Worry-Free Business Security 10.0 SP1
- Trend Micro Apex One On Premise (2019)
- Trend Micro Worry-Free Business Security Services
Remediation
Refer to Trend Micro Security for patch, upgrade, or suggested workaround information.