Vulnerabilities > Trendmicro > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-26 | CVE-2023-32605 | Cross-site Scripting vulnerability in Trendmicro Apex Central 2019 Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. | 5.4 |
2023-03-22 | CVE-2023-28005 | Unspecified vulnerability in Trendmicro Trend Micro Endpoint Encryption 6.0.0.3204 A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. low complexity trendmicro | 6.8 |
2023-03-10 | CVE-2023-25147 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 6.7 |
2022-12-12 | CVE-2022-44647 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | 5.5 |
2022-12-12 | CVE-2022-44648 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647. | 5.5 |
2022-10-10 | CVE-2022-41748 | Incorrect Default Permissions vulnerability in Trendmicro Apex ONE 2019 A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. | 6.7 |
2022-09-19 | CVE-2022-37347 | Out-of-bounds Read vulnerability in Trendmicro Security 12.0 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | 5.5 |
2022-09-19 | CVE-2022-37348 | Out-of-bounds Read vulnerability in Trendmicro Security 12.0 Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | 5.5 |
2022-09-19 | CVE-2022-40140 | Origin Validation Error vulnerability in Trendmicro Apex ONE 2019 An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. | 5.5 |
2022-06-09 | CVE-2022-30702 | Out-of-bounds Read vulnerability in Trendmicro Security 2022 Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. | 5.5 |