CVE-2021-25252
First published: Wed Mar 03 2021(Updated: )
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Apex Central | =2019 | |
| Microsoft Windows Operating System | ||
| Trend Micro Apex One | =2019 | |
| Trend Micro Cloud Edge | =5.0 | |
| Trend Micro Apex One | ||
| macOS | ||
| Trend Micro Deep Security Manager | =10.0 | |
| Trend Micro Deep Security Manager | =11.0 | |
| Trend Micro Deep Security Manager | =12.0 | |
| Trend Micro Deep Security Manager | =20.0 | |
| Trend Micro Control Manager | =7.0 | |
| Trend Micro Deep Discovery Analyzer | =5.1 | |
| Trend Micro Deep Discovery Email Inspector | =2.5 | |
| Trend Micro Deep Discovery Inspector | =3.8 | |
| Trend Micro InterScan Messaging Security Virtual Appliance | =9.1 | |
| Trend Micro InterScan Web Security Virtual Appliance | =6.5 | |
| Trend Micro OfficeScan Corporate Edition | ||
| Trend Micro PortalProtect | =2.6 | |
| Trend Micro ScanMail for Microsoft Exchange | =14.0 | |
| Trend Micro ScanMail for IBM Domino | =5.8 | |
| Linux Kernel | ||
| Trend Micro ServerProtect | =6.0 | |
| Trend Micro Smart Protection Server | =5.8 | |
| EMC Celerra Network Attached Storage | ||
| Novell NetWare FTP Server | ||
| Trend Micro ServerProtect for Network Appliance Filers | =5.8 | |
| NetApp Clustered Data ONTAP | ||
| Trend Micro Safe Lock | =1.1 | |
| Trend Micro Apex One and Worry-Free Business Security | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25252?
CVE-2021-25252 is a vulnerability in Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) that can be exploited by an attacker to cause a denial-of-service or system freeze.
Which software are affected by CVE-2021-25252?
Trend Micro's Apex Central 2019, Trend Micro's Apex One and Worry-Free Business Security 2019, Trend Micro's Cloud Edge 5.0, Trend Micro's Deep Security 10.0/11.0/12.0/20.0, Trend Micro's Control Manager 7.0, Trend Micro's Deep Discovery Analyzer 5.1, Trend Micro's Deep Discovery Email Inspector 2.5, Trend Micro's Deep Discovery Inspector 3.8, Trend Micro's Interscan Messaging Security Virtual Appliance 9.1, Trend Micro's Interscan Web Security Virtual Appliance 6.5, Trend Micro's Officescan, Trend Micro's Portal Protect 2.6, Trend Micro's Scanmail 14.0, Trend Micro's Scanmail for IBM Domino 5.8, Trend Micro's Serverprotect for Storage 6.0, Trend Micro's Serverprotect 5.8, Trend Micro's Safe Lock 1.1, Trend Micro's Worry-free Business Security are affected by CVE-2021-25252.
How severe is CVE-2021-25252?
CVE-2021-25252 has a severity rating of 5.5 (medium).
How can CVE-2021-25252 be fixed?
To fix CVE-2021-25252, it is recommended to apply the latest security patches or updates provided by Trend Micro.
Where can I find more information about CVE-2021-25252?
You can find more information about CVE-2021-25252 on the Trend Micro website at the following link: [https://success.trendmicro.com/solution/000285675](https://success.trendmicro.com/solution/000285675)
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro apex central
- version/trend micro apex central/2019
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/trend micro apex one
- version/trend micro apex one/2019
- canonical/trend micro cloud edge
- version/trend micro cloud edge/5.0
- vendor/apple
- canonical/macos
- canonical/trend micro deep security manager
- version/trend micro deep security manager/10.0
- version/trend micro deep security manager/11.0
- version/trend micro deep security manager/12.0
- version/trend micro deep security manager/20.0
- canonical/trend micro control manager
- version/trend micro control manager/7.0
- canonical/trend micro deep discovery analyzer
- version/trend micro deep discovery analyzer/5.1
- canonical/trend micro deep discovery email inspector
- version/trend micro deep discovery email inspector/2.5
- canonical/trend micro deep discovery inspector
- version/trend micro deep discovery inspector/3.8
- canonical/trend micro interscan messaging security virtual appliance
- version/trend micro interscan messaging security virtual appliance/9.1
- canonical/trend micro interscan web security virtual appliance
- version/trend micro interscan web security virtual appliance/6.5
- canonical/trend micro officescan corporate edition
- canonical/trend micro portalprotect
- version/trend micro portalprotect/2.6
- canonical/trend micro scanmail for microsoft exchange
- version/trend micro scanmail for microsoft exchange/14.0
- canonical/trend micro scanmail for ibm domino
- version/trend micro scanmail for ibm domino/5.8
- vendor/linux
- canonical/linux kernel
- canonical/trend micro serverprotect
- version/trend micro serverprotect/6.0
- canonical/trend micro smart protection server
- version/trend micro smart protection server/5.8
- vendor/emc
- canonical/emc celerra network attached storage
- vendor/novell
- canonical/novell netware ftp server
- canonical/trend micro serverprotect for network appliance filers
- version/trend micro serverprotect for network appliance filers/5.8
- vendor/netapp
- canonical/netapp clustered data ontap
- canonical/trend micro safe lock
- version/trend micro safe lock/1.1
- canonical/trend micro apex one and worry-free business security
- version/trend micro apex one and worry-free business security/10.1