cvebase

Trendmicro Apex One vulnerabilities

173 known vulnerabilities affecting trendmicro/apex_one.

Total CVEs: 173
CISA KEV: 10 (actively exploited)
Public exploits: 0
Exploited in wild: 12
Severity breakdown: CRITICAL 10, HIGH 116, MEDIUM 47

Vulnerabilities

Page 8 of 9
CVE-2022-41748 | P4 | MEDIUM | CVSS 6.7 | v2019 | 2022-10-10
CWE-276: A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in
Source: nvd

CVE-2020-28582 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
Source: nvd

CVE-2021-25242 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
Source: nvd

CVE-2021-25228 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
Source: nvd

CVE-2021-25240 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information.
Source: nvd

CVE-2021-25230 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
Source: nvd

CVE-2021-25241 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
CWE-918: A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.
Source: nvd

CVE-2021-25237 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
Source: nvd

CVE-2020-8607 | P4 | MEDIUM | CVSS 6.7 | v2019 | vsaas | 2020-08-05
CWE-20: An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker
Source: nvd

CVE-2021-25243 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
Source: nvd

CVE-2021-25239 | P4 | MEDIUM | CVSS 5.3 | v2019 | 2021-02-04
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
Source: nvd

CVE-2023-32552 | P4 | MEDIUM | CVSS 5.3 | fixed in 14.0.12105 | v2019 | 2023-06-26
CWE-281: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
Source: nvd

CVE-2023-32553 | P4 | MEDIUM | CVSS 5.3 | fixed in 14.0.12105 | v2019 | 2023-06-26
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
Source: nvd

CVE-2019-19691 | P4 | MEDIUM | CVSS 4.9 | v2019 | 2019-12-20
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
Source: nvd

CVE-2020-24564 | P4 | MEDIUM | CVSS 5.5 | v2019 | vsaas | 2020-09-29
CWE-125: An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The
Source: nvd

CVE-2020-25770 | P4 | MEDIUM | CVSS 5.5 | v2019 | vsaas | 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs aff
Source: nvd

CVE-2020-25771 | P4 | MEDIUM | CVSS 5.5 | v2019 | vsaas | 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs aff
Source: nvd

CVE-2020-25772 | P4 | MEDIUM | CVSS 5.5 | v2019 | vsaas | 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs aff
Source: nvd

CVE-2020-24565 | P4 | MEDIUM | CVSS 5.5 | v2019 | vsaas | 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs aff
Source: nvd

CVE-2024-36307 | P4 | MEDIUM | CVSS 5.5 | ≤ 14.0.13139 | ≥ 14.0, ≤ 14.0.0.12980 | 2024-06-10
CWE-200: A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: nvd