Vulnerabilities > Trendmicro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-25143 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | 9.8 |
| 2023-03-10 | CVE-2023-25144 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | 7.8 |
| 2023-03-10 | CVE-2023-25145 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25146 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25147 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 6.7 |
| 2023-03-10 | CVE-2023-25148 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-02-01 | CVE-2023-0587 | Unrestricted Upload of File with Dangerous Type vulnerability in Trendmicro Apex ONE A file upload vulnerability in exists in Trend Micro Apex One server build 11110. | 9.1 |
| 2023-01-20 | CVE-2022-48191 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Maximum Security 2022 17.7 A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | 7.0 |
| 2022-12-24 | CVE-2022-45798 | Link Following vulnerability in Trendmicro Apex ONE 2019 A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-12 | CVE-2022-44647 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | 5.5 |