Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-44024
CVE-2021-44024:
Trend Micro Apex One Agent vulnerability analysis and mitigation
Overview
A link following denial-of-service vulnerability (CVE-2021-44024) was discovered in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services). The vulnerability was disclosed on January 10, 2022, and affects multiple Trend Micro security products (NVD, ZDI).
Technical details
The vulnerability exists within the Real-time Scan Service and is classified as CWE-59 (Improper Link Resolution Before File Access). It has a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. The attack requires local access and low privileges to exploit (NVD, ZDI).
Impact
If successfully exploited, this vulnerability allows an attacker to overwrite arbitrary files in the context of SYSTEM, potentially leading to a denial-of-service condition on the affected system (ZDI).
Mitigation and workarounds
Trend Micro has issued an update to correct this vulnerability. Users are advised to apply the security patch available through the vendor's solution portal (ZDI).
Additional resources
Source: This report was generated using AI
Related Trend Micro Apex One Agent vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management