Vulnerabilities > Trendmicro > Apex ONE > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36306 Link Following vulnerability in Trendmicro Apex ONE
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
5.5
2024-01-23 CVE-2023-52330 Cross-site Scripting vulnerability in Trendmicro Apex ONE
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
network
low complexity
trendmicro CWE-79
6.1
2023-06-26 CVE-2023-30902 Unspecified vulnerability in Trendmicro Apex ONE
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
local
low complexity
trendmicro
5.5
2023-06-26 CVE-2023-32552 Unspecified vulnerability in Trendmicro Apex ONE
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553
network
low complexity
trendmicro
5.3
2023-06-26 CVE-2023-32553 Unspecified vulnerability in Trendmicro Apex ONE
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
network
low complexity
trendmicro
5.3
2023-06-26 CVE-2023-32556 Link Following vulnerability in Trendmicro Apex ONE
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
5.5
2023-03-10 CVE-2023-25147 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
local
low complexity
trendmicro CWE-427
6.7
2022-12-12 CVE-2022-44647 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
local
low complexity
trendmicro CWE-125
5.5
2022-12-12 CVE-2022-44648 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
local
low complexity
trendmicro CWE-125
5.5
2022-10-10 CVE-2022-41748 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations.
local
low complexity
trendmicro CWE-276
6.7