Vulnerabilities > Trendmicro > Apex ONE

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2021-45231 Link Following vulnerability in Trendmicro products
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.
local
low complexity
trendmicro CWE-59
7.8
2022-01-10 CVE-2021-45440 Improper Privilege Management vulnerability in Trendmicro products
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-269
7.8
2022-01-10 CVE-2021-45441 Origin Validation Error vulnerability in Trendmicro products
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-346
7.8
2022-01-10 CVE-2021-45442 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
7.1
2021-12-03 CVE-2021-44022 Reachable Assertion vulnerability in Trendmicro Apex ONE 2019
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS).
local
low complexity
trendmicro CWE-617
5.5
2021-10-21 CVE-2021-23139 NULL Pointer Dereference vulnerability in Trendmicro products
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
network
low complexity
trendmicro CWE-476
7.5
2021-10-21 CVE-2021-42011 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations.
local
low complexity
trendmicro CWE-276
7.8
2021-10-21 CVE-2021-42012 Out-of-bounds Write vulnerability in Trendmicro products
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-787
7.8
2021-10-21 CVE-2021-42101 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-427
7.8
2021-10-21 CVE-2021-42102 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019
An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-427
7.8