Trendmicro Apex One vulnerabilities

CVE-2022-40141 [HIGH] CVE-2022-40141: A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to interce A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.

CVE-2022-40140 [MEDIUM] CWE-346 CVE-2022-40140: An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could all An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-36336 [HIGH] CWE-59 CVE-2022-36336: A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Busin A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on

CVE-2022-30701 [HIGH] CWE-427 CVE-2022-30701: An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syste

CVE-2022-30700 [HIGH] CWE-732 CVE-2022-30700: An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service c An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-24680 [HIGH] CWE-59 CVE-2022-24680: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to esc

CVE-2022-24678 [HIGH] CWE-400 CVE-2022-24678: An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations.

CVE-2022-24679 [HIGH] CWE-59 CVE-2022-24679: A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Mi A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected

CVE-2021-44024 [HIGH] CWE-59 CVE-2021-44024: A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Tren A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in

CVE-2021-45440 [HIGH] CWE-269 CVE-2021-45440: A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys

CVE-2021-45442 [HIGH] CVE-2021-45442: A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on pre A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord

CVE-2021-45231 [HIGH] CWE-59 CVE-2021-45231: A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and T A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must firs

CVE-2021-45441 [HIGH] CWE-346 CVE-2021-45441: A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a loc A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord

CVE-2021-44022 [MEDIUM] CWE-617 CVE-2021-44022: A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the pro A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2021-42104 [HIGH] CWE-269 CVE-2021-42104: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system i

CVE-2021-42102 [HIGH] CWE-427 CVE-2021-42102: An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2021-42105 [HIGH] CVE-2021-42105: Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order

CVE-2021-23139 [HIGH] CWE-476 CVE-2021-23139: A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.

CVE-2021-42101 [HIGH] CWE-427 CVE-2021-42101: An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not

CVE-2021-42012 [HIGH] CWE-787 CVE-2021-42012: A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabi