Trendmicro Apex One vulnerabilities
173 known vulnerabilities affecting trendmicro/apex_one.
Total CVEs
173
CISA KEV
10
actively exploited
Public exploits
0
Exploited in wild
12
Severity breakdown
CRITICAL10HIGH116MEDIUM47
Vulnerabilities
Page 3 of 9
CVE-2026-45206P3HIGHCVSS 7.8fixed in 14.0.0.17079fixed in 14.0.207312026-05-21
CVE-2026-45206 [HIGH] CWE-346 CVE-2026-45206: An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalat
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i
nvd
CVE-2025-49154P3HIGHCVSS 7.8fixed in 14.0.14492≥ 14.0.0.12994, < 14.0.0.140022025-06-17
CVE-2025-49154 [HIGH] CWE-284 CVE-2025-49154: An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.
Please note: an attacker must first obtain the ability to execute low-privil
nvd
CVE-2021-45231P3HIGHCVSS 7.8v20192022-01-10
CVE-2021-45231 [HIGH] CWE-59 CVE-2021-45231: A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must firs
nvd
CVE-2021-42012P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42012 [HIGH] CWE-787 CVE-2021-42012: A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi
nvd
CVE-2024-36302P3HIGHCVSS 7.8fixed in 14.0.13139≥ 14.0, < 14.0.0.129802024-06-10
CVE-2024-36302 [HIGH] CWE-346 CVE-2024-36302: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-25145P3HIGHCVSS 7.8fixed in 14.0.11960v20192023-03-10
CVE-2023-25145 [HIGH] CWE-59 CVE-2023-25145: A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-55632P3HIGHCVSS 7.8fixed in 14.0.14203fixed in 2019.131402024-12-31
CVE-2024-55632 [HIGH] CWE-269 CVE-2024-55632: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-55631P3HIGHCVSS 7.8fixed in 14.0.14203fixed in 2019.131402024-12-31
CVE-2024-55631 [HIGH] CWE-269 CVE-2024-55631: An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escal
An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2024-52048P3HIGHCVSS 7.8fixed in 14.0.14203fixed in 2019.131402024-12-31
CVE-2024-52048 [HIGH] CWE-266 CVE-2024-52048: A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to esc
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulne
nvd
CVE-2024-52049P3HIGHCVSS 7.8fixed in 14.0.14203fixed in 2019.131402024-12-31
CVE-2024-52049 [HIGH] CVE-2024-52049: A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to esc
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability
nvd
CVE-2023-52091P3HIGHCVSS 7.8fixed in 14.0.12849v20192024-01-23
CVE-2023-52091 [HIGH] CWE-59 CVE-2023-52091: An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local atta
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-52092P3HIGHCVSS 7.8fixed in 14.0.12849v20192024-01-23
CVE-2023-52092 [HIGH] CWE-59 CVE-2023-52092: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-52094P3HIGHCVSS 7.8fixed in 14.0.12849v20192024-01-23
CVE-2023-52094 [HIGH] CWE-59 CVE-2023-52094: An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attack
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit thi
nvd
CVE-2023-52090P3HIGHCVSS 7.8fixed in 14.0.12849v20192024-01-23
CVE-2023-52090 [HIGH] CWE-59 CVE-2023-52090: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-47192P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47192 [HIGH] CWE-59 CVE-2023-47192: An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-34147P3HIGHCVSS 7.8fixed in 14.0.12518v20192023-06-26
CVE-2023-34147 [HIGH] CVE-2023-34147: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target s
nvd
CVE-2023-34148P3HIGHCVSS 7.8fixed in 14.0.12518v20192023-06-26
CVE-2023-34148 [HIGH] CVE-2023-34148: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target s
nvd
CVE-2023-34146P3HIGHCVSS 7.8fixed in 14.0.12518v20192023-06-26
CVE-2023-34146 [HIGH] CWE-269 CVE-2023-34146: An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service se
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the
nvd
CVE-2023-52093P3HIGHCVSS 7.8fixed in 14.0.12849v20192024-01-23
CVE-2023-52093 [HIGH] CWE-269 CVE-2023-52093: An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local at
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-24678P3HIGHCVSS 7.5v20192022-02-24
CVE-2022-24678 [HIGH] CWE-400 CVE-2022-24678: An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend
An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.
nvd