Vulnerabilities > Trendmicro > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-32605 Cross-site Scripting vulnerability in Trendmicro Apex Central 2019
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
network
low complexity
trendmicro CWE-79
5.4
2023-03-22 CVE-2023-28005 Unspecified vulnerability in Trendmicro Trend Micro Endpoint Encryption 6.0.0.3204
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability.
low complexity
trendmicro
6.8
2023-03-10 CVE-2023-25147 Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
local
low complexity
trendmicro CWE-427
6.7
2022-12-12 CVE-2022-44647 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
local
low complexity
trendmicro CWE-125
5.5
2022-12-12 CVE-2022-44648 Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
local
low complexity
trendmicro CWE-125
5.5
2022-10-10 CVE-2022-41748 Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations.
local
low complexity
trendmicro CWE-276
6.7
2022-09-19 CVE-2022-37347 Out-of-bounds Read vulnerability in Trendmicro Security 12.0
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.
local
low complexity
trendmicro CWE-125
5.5
2022-09-19 CVE-2022-37348 Out-of-bounds Read vulnerability in Trendmicro Security 12.0
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.
local
low complexity
trendmicro CWE-125
5.5
2022-09-19 CVE-2022-40140 Origin Validation Error vulnerability in Trendmicro Apex ONE 2019
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations.
local
low complexity
trendmicro CWE-346
5.5
2022-06-09 CVE-2022-30702 Out-of-bounds Read vulnerability in Trendmicro Security 2022
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
local
low complexity
trendmicro CWE-125
5.5