Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Published

2021-03-03T16:15:13.087

Last Modified

2024-11-21T05:54:38.113

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	apex_central	2019	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	apex_one	2019	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	cloud_edge	5.0	Yes
Application	trendmicro	apex_one	-	Yes
Operating System	apple	macos	-	No
Application	trendmicro	deep_security	10.0	Yes
Application	trendmicro	deep_security	11.0	Yes
Application	trendmicro	deep_security	12.0	Yes
Application	trendmicro	deep_security	20.0	Yes
Application	trendmicro	control_manager	7.0	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	deep_discovery_analyzer	5.1	Yes
Application	trendmicro	deep_discovery_email_inspector	2.5	Yes
Application	trendmicro	deep_discovery_inspector	3.8	Yes
Application	trendmicro	interscan_messaging_security_virtual_appliance	9.1	Yes
Application	trendmicro	interscan_web_security_virtual_appliance	6.5	Yes
Application	trendmicro	officescan	-	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	portal_protect	2.6	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	scanmail	14.0	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	scanmail_for_ibm_domino	5.8	Yes
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Application	trendmicro	serverprotect_for_storage	6.0	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	serverprotect	5.8	Yes
Hardware	emc	celerra_network_attached_storage	-	No
Operating System	microsoft	windows	-	No
Operating System	novell	netware	-	No
Application	trendmicro	serverprotect_for_network_appliance_filers	5.8	Yes
Operating System	netapp	cluster_data_ontap	-	No
Application	trendmicro	safe_lock	1.1	Yes
Operating System	microsoft	windows	-	No
Application	trendmicro	worry-free_business_security	10.1	Yes
Operating System	microsoft	windows	-	No

References

https://success.trendmicro.com/solution/000285675 Patch, Vendor Advisory ([email protected])
https://success.trendmicro.com/solution/000285675 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)