Trend Micro Apex One vulnerabilities

81 known vulnerabilities affecting trend_micro/trend_micro_apex_one.

Total CVEs: 81
CISA KEV: 4 (actively exploited)
Public exploits: 0
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 46, MEDIUM 33

Vulnerabilities

CVE-2021-25242 | MEDIUM | CVSS 5.3 | Version: 2019, SaaS | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Sources: cvelistv5, nvd

CVE-2020-28583 | MEDIUM | CVSS 5.3 | Version: 2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
Sources: cvelistv5, nvd

CVE-2020-28573 | MEDIUM | CVSS 5.3 | Version: 2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
Sources: cvelistv5, nvd

CVE-2020-28577 | MEDIUM | CVSS 5.3 | Version: 2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
Sources: cvelistv5, nvd

CVE-2020-28576 | MEDIUM | CVSS 5.3 | Version: 2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
Sources: cvelistv5, nvd

CVE-2020-28582 | MEDIUM | CVSS 5.3 | Version: 2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
Sources: cvelistv5, nvd

CVE-2020-28572 | HIGH | CVSS 7.8 | Version: On Premise (2019) | 2020-11-18
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.
Sources: cvelistv5, nvd

CVE-2020-24563 | HIGH | CVSS 7.8 | CWE-287 | Version: 2009, SaaS | 2020-09-29
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.
Sources: cvelistv5, nvd

CVE-2020-25773 | HIGH | CVSS 7.8 | CWE-415 | Version: 2009, SaaS | 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
Sources: cvelistv5, nvd

CVE-2020-25774 | MEDIUM | CVSS 4.3 | CWE-125 | Version: 2009, SaaS | 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f
Sources: cvelistv5, nvd

CVE-2020-24564 | MEDIUM | CVSS 5.5 | CWE-125 | Version: 2009, SaaS | 2020-09-29
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The
Sources: cvelistv5, nvd

CVE-2020-25770 | MEDIUM | CVSS 5.5 | Version: 2009, SaaS | 2020-09-28
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in or
Sources: cvelistv5

CVE-2020-25771 | MEDIUM | CVSS 5.5 | Version: 2009, SaaS | 2020-09-28
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in or
Sources: cvelistv5

CVE-2020-25772 | MEDIUM | CVSS 5.5 | Version: 2009, SaaS | 2020-09-28
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in or
Sources: cvelistv5

CVE-2020-24565 | MEDIUM | CVSS 5.5 | Version: 2009, SaaS | 2020-09-28
Out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in or
Sources: cvelistv5

CVE-2020-24559 | HIGH | CVSS 7.8 | CWE-59 | Version: 2009 (on premise), SaaS | 2020-09-01
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute l
Sources: cvelistv5, nvd

CVE-2020-24557 | HIGH | CVSS 7.8 | KEV | Version: 2009 (on premise), SaaS | 2020-09-01
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target sys
Sources: cvelistv5, nvd

CVE-2020-24558 | HIGH | CVSS 7.1 | CWE-125 | Version: 2009 (on premise), SaaS | 2020-09-01
A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services DLL may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to e
Sources: cvelistv5, nvd

CVE-2020-24556 | HIGH | CVSS 7.8 | Version: 2009 (on premise), SaaS | 2020-09-01
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution
Sources: cvelistv5

CVE-2020-8607 | MEDIUM | CVSS 6.7 | CWE-20 | Version: 2019 (On premise), SaaS | 2020-08-05
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker
Sources: cvelistv5, nvd