Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-10 | CVE-2022-41746 | Forced Browsing vulnerability in Trendmicro Apex ONE 2019 A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. | 9.1 |
| 2022-10-10 | CVE-2022-41747 | Improper Certificate Validation vulnerability in Trendmicro Apex ONE 2019 An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. | 7.8 |
| 2022-10-10 | CVE-2022-41748 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019 A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. | 6.7 |
| 2022-10-10 | CVE-2022-41749 | Origin Validation Error vulnerability in Trendmicro Apex ONE 2019 An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
| 2022-09-28 | CVE-2022-40707 | Out-of-bounds Read vulnerability in Trendmicro Deep Security Agent 20.0 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. | 3.3 |
| 2022-09-28 | CVE-2022-40708 | Out-of-bounds Read vulnerability in Trendmicro Deep Security Agent 20.0 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. | 3.3 |
| 2022-09-28 | CVE-2022-40709 | Out-of-bounds Read vulnerability in Trendmicro Deep Security Agent 20.0 An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. | 3.3 |
| 2022-09-28 | CVE-2022-40710 | Link Following vulnerability in Trendmicro Deep Security Agent 20.0 A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. | 7.8 |
| 2022-09-19 | CVE-2022-40139 | Unspecified vulnerability in Trendmicro Apex ONE 2019 Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. | 7.2 |
| 2022-09-19 | CVE-2022-40141 | Unspecified vulnerability in Trendmicro Apex ONE 2019 A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server. | 7.5 |