Trend Micro Inc Trend Micro Apex One vulnerabilities
57 known vulnerabilities affecting trend_micro_inc/trend_micro_apex_one.
Total CVEs
57
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH47MEDIUM7
Vulnerabilities
Page 2 of 3
CVE-2023-52094P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125342024-01-23
CVE-2023-52094 [HIGH] CWE-59 CVE-2023-52094: An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attack
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi
nvd
CVE-2023-52090P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125342024-01-23
CVE-2023-52090 [HIGH] CWE-59 CVE-2023-52090: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-47192P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47192 [HIGH] CWE-59 CVE-2023-47192: An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-34146P3HIGHCVSS 7.8≥ 2019, < 14.0.0.120332023-06-26
CVE-2023-34146 [HIGH] CWE-269 CVE-2023-34146: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the
nvd
CVE-2023-52093P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125342024-01-23
CVE-2023-52093 [HIGH] CWE-269 CVE-2023-52093: An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local at
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-44653P3HIGHCVSS 7.8≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44653 [HIGH] CWE-22 CVE-2022-44653: A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-25146P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25146 [HIGH] CWE-59 CVE-2023-25146: A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location.
Please note: an attacker must first obtain the ability to execute lo
nvd
CVE-2023-25148P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25148 [HIGH] CWE-59 CVE-2023-25148: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order t
nvd
CVE-2022-44649P3HIGHCVSS 7.8≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44649 [HIGH] CWE-787 CVE-2022-44649: An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro A
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerab
nvd
CVE-2024-55917P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.131402024-12-31
CVE-2024-55917 [HIGH] CWE-346 CVE-2024-55917: An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to esc
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-49157P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.140022025-06-17
CVE-2025-49157 [HIGH] CWE-269 CVE-2025-49157: A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local
A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-49158P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.140022025-06-17
CVE-2025-49158 [HIGH] CWE-427 CVE-2025-49158: An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a l
An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2025-49156P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.140022025-06-17
CVE-2025-49156 [HIGH] CWE-269 CVE-2025-49156: A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-47200P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47200 [HIGH] CWE-346 CVE-2023-47200: A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could a
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to
nvd
CVE-2022-44650P3HIGHCVSS 7.8≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44650 [HIGH] CWE-787 CVE-2022-44650: A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability
nvd
CVE-2022-44652P3HIGHCVSS 7.8≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44652 [HIGH] CWE-755 CVE-2022-44652: An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-25144P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25144 [HIGH] CWE-269 CVE-2023-25144: An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attac
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
nvd
CVE-2023-47193P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47193 [HIGH] CWE-346 CVE-2023-47193: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47196P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47196 [HIGH] CWE-346 CVE-2023-47196: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47195P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47195 [HIGH] CWE-346 CVE-2023-47195: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd