CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

CVE-2023-25148

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to...

CVE-2020-24564

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the...

Trend Micro Apex One Console Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apex One console, which listens on TCP ports 8080 and 4343 by default. The issu...

CVE-2020-25774

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the...

Vulnerability fixed in Trend Micro Apex One

Trend Micro has fixed a vulnerability in Apex One. A local, authenticated malicious party can exploit the vulnerability exploit to execute arbitrary code with permissions from the system. For successful abuse, the malicious party must have prior sufficient privileges on the admin console of the...

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in Trend Micro Apex One that stems from an arbitrary file deletion vulnerability that allows a local attacker to elevate privileges and delete files on an affected installation...

PT-2022-26053 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: The issue is related to an improper certification validation vulnerability in Trend Micro Apex One agents. This could allow a local attacker to load a DLL file with system...

The vulnerability of the Apex One and OfficeScan antivirus software lies in errors during the saving of permissions, allowing a hacker to bypass the security measures.

The vulnerability of the Apex One and OfficeScan antivirus software lies in errors during the saving of permissions. Exploiting this vulnerability can allow a remote attacker to bypass security measures...

The vulnerability of the Apex One and OfficeScan anti-virus software relates to the disclosure of information, which allows a malicious actor to gain unauthorized access to protected data.

The vulnerability of the Apex One and OfficeScan antivirus software relates to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

Trend Micro Apex One Elevation of Privilege Vulnerability

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the ApexOne Security Agent in Trend Micro Apex One. An...

Trend Micro Apex One elevation of privilege vulnerability (CNVD-2020-52195)

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the logic that controls access to the Misc folder in th...