Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-32605 Cross-site Scripting vulnerability in Trendmicro Apex Central 2019
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
network
low complexity
trendmicro CWE-79
5.4
2023-03-22 CVE-2023-28005 Unspecified vulnerability in Trendmicro Trend Micro Endpoint Encryption
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability.
low complexity
trendmicro
6.8
2023-03-10 CVE-2023-25147 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
local
low complexity
trendmicro CWE-427
6.7
2022-12-12 CVE-2022-44647 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
local
low complexity
trendmicro CWE-125
5.5
2022-12-12 CVE-2022-44648 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
local
low complexity
trendmicro CWE-125
5.5
2022-10-10 CVE-2022-41748 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations.
local
low complexity
trendmicro CWE-276
6.7
2022-06-09 CVE-2022-30703 Unspecified vulnerability in Trendmicro Security 2021/2022
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information.
local
low complexity
trendmicro
4.6
2022-05-27 CVE-2022-28394 Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
6.9
2022-05-27 CVE-2022-30687 Link Following vulnerability in Trendmicro Maximum Security 2022 17.7
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
local
low complexity
trendmicro CWE-59
6.6
2022-03-08 CVE-2022-26319 Uncontrolled Search Path Element vulnerability in Trendmicro Portable Security 2.0/3.0
An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges.
6.9