Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-19 | CVE-2022-40139 | Unspecified vulnerability in Trendmicro Apex ONE 2019 Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. | 7.2 |
| 2022-09-19 | CVE-2022-40140 | Origin Validation Error vulnerability in Trendmicro Apex ONE 2019 An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. | 5.5 |
| 2022-09-19 | CVE-2022-40141 | Unspecified vulnerability in Trendmicro Apex ONE 2019 A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server. | 7.5 |
| 2022-09-19 | CVE-2022-40142 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 2019 A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. | 7.8 |
| 2022-09-19 | CVE-2022-40143 | Link Following vulnerability in Trendmicro Apex ONE 2019 A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. | 7.3 |
| 2022-09-19 | CVE-2022-40144 | Improper Authentication vulnerability in Trendmicro Apex ONE 2019 A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | 9.8 |
| 2022-09-19 | CVE-2022-40980 | Unspecified vulnerability in Trendmicro Mobile Security 9.8 A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. | 9.1 |
| 2022-07-30 | CVE-2022-33158 | Files or Directories Accessible to External Parties vulnerability in Trendmicro VPN Proxy ONE PRO Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | 7.8 |
| 2022-07-30 | CVE-2022-35234 | Out-of-bounds Read vulnerability in Trendmicro Security 2021/2022 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | 7.1 |
| 2022-07-30 | CVE-2022-36336 | Link Following vulnerability in Trendmicro products A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |