Vulnerabilities > Trendmicro > Apex ONE > 2019
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-25143 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | 9.8 |
| 2023-03-10 | CVE-2023-25144 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | 7.8 |
| 2023-03-10 | CVE-2023-25145 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25146 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25147 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 6.7 |
| 2023-03-10 | CVE-2023-25148 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-24 | CVE-2022-45798 | Link Following vulnerability in Trendmicro Apex ONE 2019 A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44647 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | 5.5 |
| 2022-12-12 | CVE-2022-44648 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647. | 5.5 |
| 2022-12-12 | CVE-2022-44649 | Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |