cvebase

Trend Micro Apex One vulnerabilities

71 known vulnerabilities affecting trend_micro/trend_micro_apex_one.

Total CVEs: 71
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 40, MEDIUM 29

Vulnerabilities

Page 3 of 4
CVE-2022-41744 | P4 | HIGH | CVSS 7.0 | v2019 (on-prem) and SaaS | 2022-10-10
CWE-367: A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s
Source: NVD
CVE-2020-24558 | P4 | HIGH | CVSS 7.1 | v2009 (on premise), SaaS | 2020-09-01
CWE-125: A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to e
Source: NVD
CVE-2022-41745 | P4 | HIGH | CVSS 7.0 | v2019 (on-prem) and SaaS | 2022-10-10
CWE-125: An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
Source: NVD
CVE-2021-25229 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
Source: NVD
CVE-2021-25232 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
Source: NVD
CVE-2020-28583 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
Source: NVD
CVE-2020-28577 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
Source: NVD
CVE-2020-28576 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
Source: NVD
CVE-2020-28573 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
Source: NVD
CVE-2021-25231 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
Source: NVD
CVE-2021-25235 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
Source: NVD
CVE-2021-25234 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
Source: NVD
CVE-2021-25233 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
Source: NVD
CVE-2022-41748 | P4 | MEDIUM | CVSS 6.7 | v2019 (on-prem) and SaaS | 2022-10-10
CWE-276: A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in
Source: NVD
CVE-2020-28582 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
Source: NVD
CVE-2021-25242 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Source: NVD
CVE-2021-25228 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
Source: NVD
CVE-2021-25240 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information.
Source: NVD
CVE-2021-25230 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
Source: NVD
CVE-2021-25241 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
CWE-918: A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
Source: NVD