Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-44650 Out-of-bounds Write vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-787
7.8
2022-12-12 CVE-2022-44651 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
high complexity
trendmicro CWE-367
7.0
2022-12-12 CVE-2022-44652 Improper Handling of Exceptional Conditions vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-755
7.8
2022-12-12 CVE-2022-44653 Path Traversal vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-22
7.8
2022-12-12 CVE-2022-44654 Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads.
network
low complexity
trendmicro
7.5
2022-12-12 CVE-2022-45797 Unspecified vulnerability in Trendmicro Apex ONE 2019
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro
7.1
2022-10-10 CVE-2022-41744 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations.
local
high complexity
trendmicro CWE-367
7.0
2022-10-10 CVE-2022-41745 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations.
local
high complexity
trendmicro CWE-125
7.0
2022-10-10 CVE-2022-41746 Forced Browsing vulnerability in Trendmicro Apex ONE 2019
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.
network
low complexity
trendmicro CWE-425
critical
9.1
2022-10-10 CVE-2022-41747 Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations.
local
low complexity
trendmicro CWE-295
7.8