Vulnerabilities > Trendmicro > Apex ONE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-24 | CVE-2022-45798 | Link Following vulnerability in Trendmicro Apex ONE 2019 A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44649 | Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44650 | Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44651 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.0 |
| 2022-12-12 | CVE-2022-44652 | Improper Handling of Exceptional Conditions vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44653 | Path Traversal vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44654 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. | 7.5 |
| 2022-12-12 | CVE-2022-45797 | Unspecified vulnerability in Trendmicro Apex ONE 2019 An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.1 |
| 2022-10-10 | CVE-2022-41744 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. | 7.0 |
| 2022-10-10 | CVE-2022-41745 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019 An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. | 7.0 |