Vulnerabilities > Trendmicro > Apex ONE > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-41747 Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations.
local
low complexity
trendmicro CWE-295
7.8
2022-10-10 CVE-2022-41749 Origin Validation Error vulnerability in Trendmicro Apex ONE 2019
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-346
7.8
2022-09-19 CVE-2022-40139 Unspecified vulnerability in Trendmicro Apex ONE 2019
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.
network
low complexity
trendmicro
7.2
2022-09-19 CVE-2022-40141 Unspecified vulnerability in Trendmicro Apex ONE 2019
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
network
low complexity
trendmicro
7.5
2022-05-27 CVE-2022-30700 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE 2019
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations.
local
low complexity
trendmicro CWE-732
7.2
2022-05-27 CVE-2022-30701 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations.
local
low complexity
trendmicro CWE-427
7.2
2022-02-24 CVE-2022-24679 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations.
local
low complexity
trendmicro CWE-59
7.2
2022-02-24 CVE-2022-24680 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.2
2022-01-10 CVE-2021-45231 Link Following vulnerability in Trendmicro products
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.
local
low complexity
trendmicro CWE-59
7.2
2022-01-10 CVE-2021-45440 Improper Privilege Management vulnerability in Trendmicro products
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-269
7.2