CVE-2021-32463: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An incorrect permission assignment denial-of-service vulnerability was identified in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1, and Worry-Free Services. The vulnerability, tracked as CVE-2021-32463, was discovered on March 12, 2021, and publicly disclosed on July 13, 2021. This security flaw affects the Security Agent component of these Trend Micro products (ZDI Advisory, CVE Details).

The vulnerability exists within the Security Agent component and results from incorrect permissions set on a resource used by the service. It has been assigned a CVSS score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating moderate severity. The specific technical nature of the flaw involves improper permission assignments that could lead to privilege escalation and system file deletion (ZDI Advisory).

If successfully exploited, this vulnerability could allow an attacker to create a denial-of-service condition on the system and potentially delete files with system privileges on affected installations. The impact primarily affects system integrity and availability (CERT-FR, ZDI Advisory).

Trend Micro has released security updates to address this vulnerability. Specifically, Apex One version 2019 (on-premise) users should apply correctif 5 b9565, and Worry-Free Business Security version 10.0 SP1 users should implement correctif 2329 (CERT-FR).