Trend Micro Apex One vulnerabilities
71 known vulnerabilities affecting trend_micro/trend_micro_apex_one.
Total CVEs: 71
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 40, MEDIUM 29
Vulnerabilities
Page 4 of 4
CVE-2021-25237 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
Source: NVD
CVE-2020-8607 | P4 | MEDIUM | CVSS 6.7 | CWE-20 | v2019 (On premise), SaaS | 2020-08-05
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker
Source: NVD
CVE-2021-25243 | P4 | MEDIUM | CVSS 5.3 | v2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Source: NVD
CVE-2021-25239 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Source: NVD
CVE-2020-24564 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | v2009, SaaS | 2020-09-29
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The
Source: NVD
CVE-2021-25248 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | v2019, SaaS | 2021-02-04
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
Source: NVD
CVE-2021-3848 | P4 | MEDIUM | CVSS 5.5 | v2019, SaaS | 2021-10-06
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an
Source: NVD
CVE-2021-28646 | P4 | MEDIUM | CVSS 5.5 | CWE-732 | v2019, SaaS | 2021-04-13
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
Source: NVD
CVE-2021-44022 | P4 | MEDIUM | CVSS 5.5 | CWE-617 | v2019 | 2021-12-03
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD
CVE-2020-25774 | P4 | MEDIUM | CVSS 4.3 | CWE-125 | v2009, SaaS | 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f
Source: NVD
CVE-2022-40140 | P4 | MEDIUM | CVSS 5.5 | CWE-346 | v2019 (on-prem) and SaaS | 2022-09-19
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: NVD