Trendmicro Apex One vulnerabilities
173 known vulnerabilities affecting trendmicro/apex_one.
Total CVEs
173
CISA KEV
10
actively exploited
Public exploits
0
Exploited in wild
12
Severity breakdown
CRITICAL10HIGH116MEDIUM47
Vulnerabilities
Page 5 of 9
CVE-2021-28645P3HIGHCVSS 7.8v20192021-04-13
CVE-2021-28645 [HIGH] CWE-732 CVE-2021-28645: An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-44650P3HIGHCVSS 7.8fixed in 14.0.11789v20192022-12-12
CVE-2022-44650 [HIGH] CWE-787 CVE-2022-44650: A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability
nvd
CVE-2022-44652P3HIGHCVSS 7.8fixed in 14.0.11789v20192022-12-12
CVE-2022-44652 [HIGH] CWE-755 CVE-2022-44652: An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2022-40142P3HIGHCVSS 7.8v20192022-09-19
CVE-2022-40142 [HIGH] CWE-269 CVE-2022-40142: A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend
A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged cod
nvd
CVE-2023-25144P3HIGHCVSS 7.8fixed in 14.0.11960v20192023-03-10
CVE-2023-25144 [HIGH] CWE-269 CVE-2023-25144: An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attac
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
nvd
CVE-2022-30700P3HIGHCVSS 7.8fixed in 14.0.10349v20192022-05-27
CVE-2022-30700 [HIGH] CWE-732 CVE-2022-30700: An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service c
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-47193P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47193 [HIGH] CWE-346 CVE-2023-47193: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47196P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47196 [HIGH] CWE-346 CVE-2023-47196: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47195P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47195 [HIGH] CWE-346 CVE-2023-47195: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47194P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47194 [HIGH] CWE-346 CVE-2023-47194: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47197P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47197 [HIGH] CWE-346 CVE-2023-47197: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47198P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47198 [HIGH] CWE-346 CVE-2023-47198: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not ident
nvd
CVE-2023-47199P3HIGHCVSS 7.8fixed in 14.0.12737v20192024-01-23
CVE-2023-47199 [HIGH] CVE-2023-47199: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to,
nvd
CVE-2020-24563P3HIGHCVSS 7.8v2019vsaas2020-09-29
CVE-2020-24563 [HIGH] CWE-287 CVE-2020-24563: A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability
nvd
CVE-2021-45440P3HIGHCVSS 7.8v20192022-01-10
CVE-2021-45440 [HIGH] CWE-269 CVE-2021-45440: A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Se
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys
nvd
CVE-2021-42102P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42102 [HIGH] CWE-427 CVE-2021-42102: An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2021-42101P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42101 [HIGH] CWE-427 CVE-2021-42101: An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not
nvd
CVE-2021-42103P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42103 [HIGH] CVE-2021-42103: An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar but not identica
nvd
CVE-2021-25249P3HIGHCVSS 7.8v20192021-02-04
CVE-2021-25249 [HIGH] CWE-787 CVE-2021-25249: An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and Saa
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2021-42108P3HIGHCVSS 7.8v20192021-10-21
CVE-2021-42108 [HIGH] CWE-269 CVE-2021-42108: Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Serv
Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit t
nvd