The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.

The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary co...

The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to insecure privilege management. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary code...

CVE-2023-34145

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syst...

CVE-2023-32556

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVE-2022-40142

A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...

CVE-2022-40140

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)

Overview Trend Micro Apex One and Apex One as a Service contain multiple vulnerabilities. Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the...

Trend Micro Apex One和Trend Micro Apex One as a Service SQL注入漏洞

Trend Micro Apex One and Trend Micro Apex One as a Service are both products of Trend Micro, Inc.Trend Micro Apex One is an endpoint protection software.Trend Micro Apex One as a Service is an Trend Micro Apex One as a Service is an enhanced endpoint security solution. A security vulnerability...

Multiple vulnerabilities in multiple Trend Micro products

Overview Trend Micro Incorporated has released security updates for multiple Trend Micro products. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Apex One 2019 On-prem, Apex One as a Service Local privilege escalation due ...

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVE-2024-36304

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order ...

The vulnerability of the Damage Cleanup Engine of the Trend Micro Common Client Real-time Scan antivirus software, including the Apex One and Apex One as a Service solutions, allows a malicious actor to trigger a service failure.

The vulnerability of the Damage Cleanup Engine of the Trend Micro Common Client Real-time Scan antivirus software, specifically Apex One and Apex One as a Service, is related to an incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow an attacker to...

The vulnerability of the Apex One NT Listener anti-virus software programs Trend Micro Apex One and Apex One as a Service allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of the Apex One NT Listener in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

PT-2023-9184 · Trend Micro · Trend Micro Apex One As A Service +1

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Trend Micro Apex One as a Service affected versions not specified Description: A security issue in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose...

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Privilege escalation due to a link following...

PT-2023-9183 · Trend Micro · Trend Micro Apex One +1

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Trend Micro Apex One as a Service affected versions not specified Description: A link following issue in the Damage Cleanup Engine of Trend Micro Apex One and Apex One as a Service could...

The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in the possibility of bypassing the protection mechanisms, allowing attackers to execute arbitrary code with system privileges.

The vulnerability of Trend Micro Apex One and Apex One as a Service antivirus programs relates to the possibility of bypassing protection mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with system privileges by uploading the malicious file to the...

CVE-2023-34146

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...

CVE-2023-34144

An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syst...

CVE-2023-34147

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...