Vulnerabilities > Trendmicro > Apex ONE > 2019
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-29 | CVE-2020-24565 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. | 5.5 |
| 2020-09-29 | CVE-2020-24564 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. | 5.5 |
| 2020-09-29 | CVE-2020-24563 | Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-09-01 | CVE-2020-24559 | Link Following vulnerability in Trendmicro products A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. | 7.8 |
| 2020-09-01 | CVE-2020-24558 | Out-of-bounds Read vulnerability in Trendmicro products A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. | 7.1 |
| 2020-09-01 | CVE-2020-24557 | Unspecified vulnerability in Trendmicro Apex ONE and Worry-Free Business Security A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. | 7.8 |
| 2020-09-01 | CVE-2020-24556 | Link Following vulnerability in Trendmicro products A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-08-05 | CVE-2020-8607 | Improper Input Validation vulnerability in Trendmicro products An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. | 6.7 |
| 2020-03-18 | CVE-2020-8599 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. | 9.8 |
| 2020-03-18 | CVE-2020-8598 | Missing Authentication for Critical Function vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. | 9.8 |