Trend Micro Apex One vulnerabilities
71 known vulnerabilities affecting trend_micro/trend_micro_apex_one.
Total CVEs: 71
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 40, MEDIUM 29
Vulnerabilities
Page 1 of 4
CVE-2021-36741 | P1 | HIGH | CVSS 8.8 | CWE-434 | KEV | v2019, SaaS | 2021-07-29
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product's management console in order to exploit this vu
nvd
CVE-2020-24557 | P1 | HIGH | CVSS 7.8 | KEV | v2009 (on premise), SaaS | 2020-09-01
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target sys
nvd
CVE-2021-36742 | P1 | HIGH | CVSS 7.8 | CWE-20 | KEV | v2019, SaaS | 2021-07-29
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vu
nvd
CVE-2022-40139 | P1 | HIGH | CVSS 7.2 | KEV | v2019 (on-prem) and SaaS | 2022-09-19
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server ad
nvd
CVE-2022-40144 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | v2019 (on-prem) and SaaS | 2022-09-19
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.
nvd
CVE-2021-32465 | P2 | HIGH | CVSS 8.8 | CWE-281 | v2019, SaaS | 2021-08-04
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2019-18188 | P3 | HIGH | CVSS 7.5 | CWE-77 | vAll | 2019-10-28
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable
nvd
CVE-2022-41746 | P3 | CRITICAL | CVSS 9.1 | CWE-425 | v2019 (on-prem) and SaaS | 2022-10-10
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.
nvd
CVE-2021-25253 | P3 | HIGH | CVSS 7.8 | CWE-732 | v2019, SaaS | 2021-04-13
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to
nvd
CVE-2021-45231 | P3 | HIGH | CVSS 7.8 | CWE-59 | v2019, SaaS | 2022-01-10
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must firs
nvd
CVE-2021-42012 | P3 | HIGH | CVSS 7.8 | CWE-787 | v2019, SaaS | 2021-10-21
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi
nvd
CVE-2022-24678 | P3 | HIGH | CVSS 7.5 | CWE-400 | v2019, SaaS | 2022-02-24
A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
nvd
CVE-2020-24559 | P3 | HIGH | CVSS 7.8 | CWE-59 | v2009 (on premise), SaaS | 2020-09-01
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute l
nvd
CVE-2021-32464 | P3 | HIGH | CVSS 7.8 | CWE-276 | v2019, SaaS | 2021-08-04
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to e
nvd
CVE-2021-25250 | P3 | HIGH | CVSS 7.8 | CWE-732 | v2019, SaaS | 2021-04-13
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2022-24680 | P3 | HIGH | CVSS 7.8 | CWE-59 | v2019, SaaS | 2022-02-24
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to esc
nvd
CVE-2022-24679 | P3 | HIGH | CVSS 7.8 | CWE-59 | v2019, SaaS | 2022-02-24
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges affected
nvd
CVE-2022-40141 | P3 | HIGH | CVSS 7.5 | v2019 (on-prem) and SaaS | 2022-09-19
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
nvd
CVE-2020-25773 | P3 | HIGH | CVSS 7.8 | CWE-415 | v2009, SaaS | 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
nvd
CVE-2022-36336 | P3 | HIGH | CVSS 7.8 | CWE-59 | v2019 and SaaS | 2022-07-30
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on
nvd