I was reviewing TrendMicro products as part of an engagement and I found a permissions issue whereby a log file wasn’t configured correct permissions, and additionally I could take control of the permissions of the file.
I reported this issue to the Trend team who issued two bulletins for products which are affected.
SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro OfficeScan XG SP1
https://success.trendmicro.com/solution/000286157
SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro Apex One and Apex One as a Service
https://success.trendmicro.com/solution/000286019
Trend have an acknowledgements page for security researchers who submit issues to them, to which I’ve kindly been added.
https://success.trendmicro.com/vulnerability-response