Vulnerabilities > Trendmicro > Apex ONE

DATE CVE VULNERABILITY TITLE RISK
2022-12-24 CVE-2022-45798 Link Following vulnerability in Trendmicro Apex ONE 2019
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2022-12-12 CVE-2022-44647 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
local
low complexity
trendmicro CWE-125
5.5
2022-12-12 CVE-2022-44648 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
local
low complexity
trendmicro CWE-125
5.5
2022-12-12 CVE-2022-44649 Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-787
7.8
2022-12-12 CVE-2022-44650 Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-787
7.8
2022-12-12 CVE-2022-44651 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
high complexity
trendmicro CWE-367
7.0
2022-12-12 CVE-2022-44652 Improper Handling of Exceptional Conditions vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-755
7.8
2022-12-12 CVE-2022-44653 Path Traversal vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-22
7.8
2022-12-12 CVE-2022-44654 Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads.
network
low complexity
trendmicro
7.5
2022-12-12 CVE-2022-45797 Unspecified vulnerability in Trendmicro Apex ONE 2019
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro
7.1