Vulnerabilities > Trendmicro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-32530 | SQL Injection vulnerability in Trendmicro Apex Central 2019 Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | 8.8 |
| 2023-06-26 | CVE-2023-32554 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | 7.0 |
| 2023-06-26 | CVE-2023-32555 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | 7.0 |
| 2023-06-26 | CVE-2023-34144 | Untrusted Search Path vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | 7.8 |
| 2023-06-26 | CVE-2023-34145 | Untrusted Search Path vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | 7.8 |
| 2023-06-26 | CVE-2023-34146 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | 7.8 |
| 2023-06-26 | CVE-2023-34147 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | 7.8 |
| 2023-06-26 | CVE-2023-34148 | Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | 7.8 |
| 2023-06-26 | CVE-2023-35695 | Information Exposure Through Log Files vulnerability in Trendmicro Mobile Security 9.8 A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | 7.5 |
| 2023-03-22 | CVE-2023-25069 | Unspecified vulnerability in Trendmicro Txone Stellarone TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. | 8.8 |