Skip to main content

Worry Free Business Security CVE-2021-25245

MEDIUM
2021-02-04 security@trendmicro.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 04, 2021 - 20:15 nvd
MEDIUM 5.3

DescriptionNVD

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.

AnalysisAI

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. Affected products include: Trendmicro Worry-Free Business Security.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-28574 HIGH POC
7.5 Nov 18

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Securit

CVE-2020-8600 CRITICAL
9.8 Mar 18

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could

CVE-2020-8598 CRITICAL
9.8 Mar 18

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerabl

CVE-2019-18189 CRITICAL
9.8 Oct 28

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5

CVE-2021-36741 HIGH
8.8 Jul 29

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free

CVE-2025-49154 HIGH
8.7 Jun 17

CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Sec

CVE-2022-36336 HIGH
7.8 Jul 30

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents

CVE-2022-24680 HIGH
7.8 Feb 24

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Se

CVE-2022-24679 HIGH
7.8 Feb 24

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Se

CVE-2021-44021 HIGH
7.8 Dec 03

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker

CVE-2021-44020 HIGH
7.8 Dec 03

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker

CVE-2021-44019 HIGH
7.8 Dec 03

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker

Share

CVE-2021-25245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy