Vulnerabilities > Trendmicro > Apex ONE

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-41744 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations.
local
high complexity
trendmicro CWE-367
7.0
2022-10-10 CVE-2022-41745 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations.
local
high complexity
trendmicro CWE-125
7.0
2022-10-10 CVE-2022-41746 Forced Browsing vulnerability in Trendmicro Apex ONE 2019
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.
network
low complexity
trendmicro CWE-425
critical
9.1
2022-10-10 CVE-2022-41747 Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations.
local
low complexity
trendmicro CWE-295
7.8
2022-10-10 CVE-2022-41748 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations.
local
low complexity
trendmicro CWE-276
6.7
2022-10-10 CVE-2022-41749 Origin Validation Error vulnerability in Trendmicro Apex ONE 2019
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-346
7.8
2022-09-19 CVE-2022-40139 Unspecified vulnerability in Trendmicro Apex ONE 2019
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.
network
low complexity
trendmicro
7.2
2022-09-19 CVE-2022-40140 Origin Validation Error vulnerability in Trendmicro Apex ONE 2019
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations.
local
low complexity
trendmicro CWE-346
5.5
2022-09-19 CVE-2022-40141 Unspecified vulnerability in Trendmicro Apex ONE 2019
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
network
low complexity
trendmicro
7.5
2022-09-19 CVE-2022-40142 Improper Privilege Management vulnerability in Trendmicro Apex ONE 2019
A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations.
local
low complexity
trendmicro CWE-269
7.8