Vulnerabilities > Trendmicro > Apex ONE > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-32557 Path Traversal vulnerability in Trendmicro Apex ONE
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
network
low complexity
trendmicro CWE-22
critical
9.8
2023-03-10 CVE-2023-25143 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
network
low complexity
trendmicro CWE-427
critical
9.8
2023-02-01 CVE-2023-0587 Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE
A file upload vulnerability in exists in Trend Micro Apex One server build 11110.
network
low complexity
trendmicro CWE-434
critical
9.1
2022-10-10 CVE-2022-41746 Forced Browsing vulnerability in Trendmicro Apex ONE 2019
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.
network
low complexity
trendmicro CWE-425
critical
9.1
2022-09-19 CVE-2022-40144 Improper Authentication vulnerability in Trendmicro Apex ONE 2019
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.
network
low complexity
trendmicro CWE-287
critical
9.8
2022-03-29 CVE-2022-26871 Insufficient Verification of Data Authenticity vulnerability in Trendmicro Apex Central and Apex ONE
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
network
low complexity
trendmicro CWE-345
critical
9.8
2020-03-18 CVE-2020-8598 Missing Authentication for Critical Function vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
network
low complexity
trendmicro CWE-306
critical
9.8
2020-03-18 CVE-2020-8599 Unspecified vulnerability in Trendmicro Apex ONE and Officescan
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.
network
low complexity
trendmicro
critical
9.8
2019-10-28 CVE-2019-18189 Path Traversal vulnerability in Trendmicro Apex One, Officescan and Worry-Free Business Security
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user.
network
low complexity
trendmicro CWE-22
critical
9.8