Rewterz Threat Advisory – Multiple IBM MQ Appliance Vulnerabilities
December 1, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
December 1, 2021Rewterz Threat Advisory – Multiple IBM MQ Appliance Vulnerabilities
December 1, 2021Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs
December 1, 2021Severity
High
Analysis Summary
CVE-2021-44021: CVE-2021-44020: CVE-2021-44019
Trend Micro Worry-Free Business Security could allow a locally authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Security Server. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Privilege Escalation
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Worry-Free Business Security 10.0 SP1
- Trend Micro Worry-Free Business Security Services
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.