Trendmicro Apex One vulnerabilities
173 known vulnerabilities affecting trendmicro/apex_one.
Total CVEs
173
CISA KEV
10
actively exploited
Public exploits
0
Exploited in wild
12
Severity breakdown
CRITICAL10HIGH116MEDIUM47
Vulnerabilities
Page 9 of 9
CVE-2021-25248P4MEDIUMCVSS 5.5v20192021-02-04
CVE-2021-25248 [MEDIUM] CWE-125 CVE-2021-25248: An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2022-44647P4MEDIUMCVSS 5.5fixed in 14.0.11789v20192022-12-12
CVE-2022-44647 [MEDIUM] CWE-125 CVE-2022-44647: An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not
nvd
CVE-2022-44648P4MEDIUMCVSS 5.5fixed in 14.0.11789v20192022-12-12
CVE-2022-44648 [MEDIUM] CVE-2022-44648: An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not the sam
nvd
CVE-2021-3848P4MEDIUMCVSS 5.5v20192021-10-06
CVE-2021-3848 [MEDIUM] CVE-2021-3848: An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One a
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an
nvd
CVE-2023-30902P4MEDIUMCVSS 5.5fixed in 14.0.12105v20192023-06-26
CVE-2023-30902 [MEDIUM] CWE-276 CVE-2023-30902: A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent cou
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
nvd
CVE-2024-36306P4MEDIUMCVSS 5.5≥ 14.0, < 14.0.0.129802024-06-10
CVE-2024-36306 [MEDIUM] CWE-59 CVE-2024-36306: A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2021-28646P4MEDIUMCVSS 5.5v20192021-04-13
CVE-2021-28646 [MEDIUM] CWE-732 CVE-2021-28646: An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and Office
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
nvd
CVE-2023-32556P4MEDIUMCVSS 5.5fixed in 14.0.12105v20192023-06-26
CVE-2023-32556 [MEDIUM] CWE-59 CVE-2023-32556: A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could all
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2019-19692P4MEDIUMCVSS 6.1v20192019-12-20
CVE-2019-19692 [MEDIUM] CWE-79 CVE-2019-19692: Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
nvd
CVE-2021-25252P4MEDIUMCVSS 5.5v20192021-03-03
CVE-2021-25252 [MEDIUM] CWE-400 CVE-2021-25252: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a me
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
nvd
CVE-2021-44022P4MEDIUMCVSS 5.5v20192021-12-03
CVE-2021-44022 [MEDIUM] CWE-617 CVE-2021-44022: A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the pro
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
CVE-2020-25774P4MEDIUMCVSS 4.3v2019vsaas2020-09-29
CVE-2020-25774 [MEDIUM] CWE-125 CVE-2020-25774: A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious f
nvd
CVE-2022-40140P4MEDIUMCVSS 5.5v20192022-09-19
CVE-2022-40140 [MEDIUM] CWE-346 CVE-2022-40140: An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could all
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
nvd
← Previous9 / 9