Trend Micro Apex One vulnerabilities
173 known vulnerabilities affecting trendmicro/apex_one.
Total CVEs: 173
CISA KEV: 10 (actively exploited)
Public exploits: 0
Exploited in wild: 12
Severity breakdown: CRITICAL 10, HIGH 116, MEDIUM 47
Vulnerabilities
Page 7 of 9
CVE-2021-44024 | P4 | HIGH | CVSS 7.1 | CWE-59 | v2019 | 2022-01-10
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in
nvd
CVE-2021-45442 | P4 | HIGH | CVSS 7.1 | v2019 | 2022-01-10
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord
nvd
CVE-2022-41744 | P4 | HIGH | CVSS 7.0 | CWE-367 | v2019 | 2022-10-10
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target s
nvd
CVE-2020-24558 | P4 | HIGH | CVSS 7.1 | CWE-125 | v2019, vsaas | 2020-09-01
A vulnerability in a Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services DLL may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to e
nvd
CVE-2022-41745 | P4 | HIGH | CVSS 7.0 | CWE-125 | v2019 | 2022-10-10
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2023-32554 | P4 | HIGH | CVSS 7.0 | CWE-367 | fixed in 14.0.12105 | v2019 | 2023-06-26
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.
Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to
nvd
CVE-2023-32555 | P4 | HIGH | CVSS 7.0 | fixed in 14.0.12105 | v2019 | 2023-06-26
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.
Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but no
nvd
CVE-2022-44651 | P4 | HIGH | CVSS 7.0 | CWE-367 | fixed in 14.0.11789 | v2019 | 2022-12-12
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2023-25147 | P4 | MEDIUM | CVSS 6.7 | CWE-427 | fixed in 14.0.11960 | v2019 | 2023-03-10
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process.
Please note: an attacker must first obtain administrative access on the target system via another method in order to explo
nvd
CVE-2021-25229 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
nvd
CVE-2021-25232 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
nvd
CVE-2020-28583 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
nvd
CVE-2020-28577 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
nvd
CVE-2020-28576 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
nvd
CVE-2020-28573 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
nvd
CVE-2021-25231 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
nvd
CVE-2021-25235 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
nvd
CVE-2021-25234 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
nvd
CVE-2021-25233 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
nvd
CVE-2023-52330 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 14.0.12849 | v2019 | 2024-01-23
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central.
Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
nvd