Vulnerabilities > Trendmicro > Apex ONE > 14.0.10349
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-30902 | Unspecified vulnerability in Trendmicro Apex ONE A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | 5.5 |
| 2023-06-26 | CVE-2023-32552 | Unspecified vulnerability in Trendmicro Apex ONE An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | 5.3 |
| 2023-06-26 | CVE-2023-32553 | Unspecified vulnerability in Trendmicro Apex ONE An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | 5.3 |
| 2023-06-26 | CVE-2023-32554 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | 7.0 |
| 2023-06-26 | CVE-2023-32555 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | 7.0 |
| 2023-06-26 | CVE-2023-32556 | Link Following vulnerability in Trendmicro Apex ONE A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 |
| 2023-06-26 | CVE-2023-32557 | Path Traversal vulnerability in Trendmicro Apex ONE A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | 9.8 |
| 2023-06-26 | CVE-2023-34144 | Untrusted Search Path vulnerability in Trendmicro Apex ONE An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | 7.8 |
| 2023-06-26 | CVE-2023-34145 | Untrusted Search Path vulnerability in Trendmicro Apex ONE An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | 7.8 |
| 2023-06-26 | CVE-2023-34146 | Improper Privilege Management vulnerability in Trendmicro Apex ONE An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | 7.8 |