CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 17, 2021

CVE-2021-36741

High

EPSS 0.6%CISA KEV

Trend Micro/Apex One, Apex One as a Service, and Worry-Free Business Security

Description

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

EPSS — Exploit Probability

0.6%

Higher than 68.6% of all CVEs

Required Action

https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 0.6%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Nov 3, 2021

Added to KEV

Nov 3, 2021

Remediation Due

Nov 17, 2021

Affected Product

Trend Micro

Apex One, Apex One as a Service, and Worry-Free Business Security

View all Trend Micro CVEs

External Links

NVD (NIST)CVE Details MITRE CVE