Vulnerabilities > Trendmicro > Apex ONE > 2019

DATE CVE VULNERABILITY TITLE RISK
2020-09-29 CVE-2020-24565 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
local
low complexity
trendmicro CWE-125
5.5
2020-09-29 CVE-2020-24564 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.
local
low complexity
trendmicro CWE-125
5.5
2020-09-29 CVE-2020-24563 Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution.
local
low complexity
trendmicro CWE-287
7.8
2020-09-01 CVE-2020-24559 Link Following vulnerability in Trendmicro products
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root.
local
low complexity
trendmicro CWE-59
7.8
2020-09-01 CVE-2020-24558 Out-of-bounds Read vulnerability in Trendmicro products
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product.
local
low complexity
trendmicro CWE-125
7.1
2020-09-01 CVE-2020-24557 Unspecified vulnerability in Trendmicro Apex ONE and Worry-Free Business Security
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation.
local
low complexity
trendmicro
7.8
2020-09-01 CVE-2020-24556 Link Following vulnerability in Trendmicro products
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.
local
low complexity
trendmicro CWE-59
7.8
2020-08-05 CVE-2020-8607 Improper Input Validation vulnerability in Trendmicro products
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode.
local
low complexity
trendmicro CWE-20
6.7
2020-03-18 CVE-2020-8599 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.
network
low complexity
trendmicro
critical
9.8
2020-03-18 CVE-2020-8598 Missing Authentication for Critical Function vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network
low complexity
trendmicro CWE-306
critical
9.8