cvebase

Trend Micro Apex One vulnerabilities

71 known vulnerabilities affecting trend_micro/trend_micro_apex_one.

Total CVEs: 71
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 40, MEDIUM 29

Vulnerabilities

Page 2 of 4
CVE-2021-28645 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-04-13
CWE-732: An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2022-40142 | P3 | HIGH | CVSS 7.8 | v2019 (on-prem) and SaaS | 2022-09-19
CWE-269: A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod
Source: NVD
CVE-2022-30700 | P3 | HIGH | CVSS 7.8 | v2019 and SaaS | 2022-05-27
CWE-732: An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2020-24563 | P3 | HIGH | CVSS 7.8 | v2009, SaaS | 2020-09-29
CWE-287: A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability
Source: NVD
CVE-2021-45440 | P3 | HIGH | CVSS 7.8 | v2019 | 2022-01-10
CWE-269: An unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys
Source: NVD
CVE-2021-42102 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-10-21
CWE-427: Uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2021-42101 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-10-21
CWE-427: Uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not
Source: NVD
CVE-2021-25249 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-02-04
CWE-787: An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
Source: NVD
CVE-2021-42108 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-10-21
CWE-269: Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t
Source: NVD
CVE-2022-30701 | P3 | HIGH | CVSS 7.8 | v2019 and SaaS | 2022-05-27
CWE-427: An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syste
Source: NVD
CVE-2021-42104 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-10-21
CWE-269: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i
Source: NVD
CVE-2021-32463 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-07-20
CWE-732: An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Services could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ab
Source: NVD
CVE-2021-42011 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2021-10-21
CWE-276: An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2021-45441 | P3 | HIGH | CVSS 7.8 | v2019, SaaS | 2022-01-10
CWE-346: An origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker to drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord
Source: NVD
CVE-2022-41747 | P3 | HIGH | CVSS 7.8 | v2019 (on-prem) and SaaS | 2022-10-10
CWE-295: An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2022-41749 | P3 | HIGH | CVSS 7.8 | v2019 (on-prem) and SaaS | 2022-10-10
CWE-346: An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2020-28572 | P3 | HIGH | CVSS 7.8 | v On Premise (2019) | 2020-11-18
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
Source: NVD
CVE-2021-23139 | P3 | HIGH | CVSS 7.5 | v2019 | 2021-10-21
CWE-476: A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
Source: NVD
CVE-2021-25246 | P3 | MEDIUM | CVSS 6.5 | v2019, SaaS | 2021-02-04
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could then be used to make valid configuration queries.
Source: NVD
CVE-2022-40143 | P3 | HIGH | CVSS 7.3 | v2019 (on-prem) and SaaS | 2022-09-19
CWE-59: A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privilege
Source: NVD