cbcvebase.

Trend Micro Inc Trend Micro Apex One vulnerabilities

57 known vulnerabilities affecting trend_micro_inc/trend_micro_apex_one.

Total CVEs
57
CISA KEV
2
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH47MEDIUM7

Vulnerabilities

Page 3 of 3
CVE-2023-47194P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47194 [HIGH] CWE-346 CVE-2023-47194: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not ident
nvd
CVE-2023-47197P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47197 [HIGH] CWE-346 CVE-2023-47197: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not ident
nvd
CVE-2023-47198P3HIGHCVSS 7.8≥ 2019 (14.0), < 14.0.0.125262024-01-23
CVE-2023-47198 [HIGH] CWE-346 CVE-2023-47198: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not ident
nvd
CVE-2023-34144P3HIGHCVSS 7.8≥ 2019, < 14.0.0.120332023-06-26
CVE-2023-34144 [HIGH] CWE-426 CVE-2023-34144: An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service securit An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a s
nvd
CVE-2022-45798P3HIGHCVSS 7.8≥ On Premise (14.0), < 14.0.0.11136≥ SaaS (14.0), < 14.0.118402022-12-24
CVE-2022-45798 [HIGH] CWE-59 CVE-2022-45798: A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Tr A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target
nvd
CVE-2022-44654P3HIGHCVSS 7.5≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44654 [HIGH] CWE-122 CVE-2022-44654: Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.
nvd
CVE-2022-45797P4HIGHCVSS 7.1≥ On Premise (14.0), < 14.0.0.11136≥ SaaS (14.0), < 14.0.118402022-12-12
CVE-2022-45797 [HIGH] CVE-2022-45797: An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to expl
nvd
CVE-2024-36304P4HIGHCVSS 7.0≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-36304 [HIGH] CWE-367 CVE-2024-36304: A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-32554P4HIGHCVSS 7.0≥ 2019, < 14.0.0.120242023-06-26
CVE-2023-32554 [HIGH] CWE-367 CVE-2023-32554: A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to
nvd
CVE-2022-44651P4HIGHCVSS 7.0≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44651 [HIGH] CWE-367 CVE-2022-44651: A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-25147P4MEDIUMCVSS 6.7≥ 2019 (14.0), < 14.0.0.115642023-03-10
CVE-2023-25147 [MEDIUM] CWE-427 CVE-2023-25147: An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired admin An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to explo
nvd
CVE-2023-32552P4MEDIUMCVSS 5.3≥ 2019, < 14.0.0.120242023-06-26
CVE-2023-32552 [MEDIUM] CWE-281 CVE-2023-32552: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could all An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
nvd
CVE-2024-36307P4MEDIUMCVSS 5.5≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-36307 [MEDIUM] CWE-200 CVE-2024-36307: A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service coul A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-44647P4MEDIUMCVSS 5.5≥ On Premise (14.0), < 14.0.0.11126≥ SaaS (14.0), < 14.0.117892022-12-12
CVE-2022-44647 [MEDIUM] CWE-125 CVE-2022-44647: An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not
nvd
CVE-2023-30902P4MEDIUMCVSS 5.5≥ 2019, < 14.0.0.120242023-06-26
CVE-2023-30902 [MEDIUM] CWE-276 CVE-2023-30902: A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent cou A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
nvd
CVE-2024-36306P4MEDIUMCVSS 5.5≥ 2019 (14.0), < 14.0.0.129802024-06-10
CVE-2024-36306 [MEDIUM] CWE-59 CVE-2024-36306: A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-32556P4MEDIUMCVSS 5.5≥ 2019, < 14.0.0.120242023-06-26
CVE-2023-32556 [MEDIUM] CWE-59 CVE-2023-32556: A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could all A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
Trend Micro Inc Trend Micro Apex One vulnerabilities | cvebase