Lucene search
+L
TrendmicroApex One

180 matches found

CVE
CVE
added 2022/03/29 8:45 p.m.1159 views

CVE-2022-26871

Trend Micro Apex Central (on-prem and service) contains an unauthenticated arbitrary file upload vulnerability (CVE-2022-26871) that can lead to remote code execution. Public sources consistently describe a vulnerability in Apex Central’s file-upload handling (improper checks for file contents) t...

9.8CVSS9.8AI score0.19633EPSS
In wild
CVE
CVE
added 2021/07/29 7:23 p.m.1122 views

CVE-2021-36741

CVE-2021-36741 affects Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1. The root cause is an improper input validation that enables a remote attacker, who must have access to log in to the product management console, to upload arbitrary files ...

8.8CVSS8.6AI score0.04951EPSS
In wild
CVE
CVE
added 2021/07/29 7:23 p.m.1105 views

CVE-2021-36742

CVE-2021-36742 is an improper input validation vulnerability that affects Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1. The root cause is flawed input validation that lets a local attacker escalate privileges after obtaining the ability to r...

7.8CVSS7.9AI score0.01482EPSS
In wild
CVE
CVE
added 2020/09/01 6:55 p.m.1021 views

CVE-2020-24557

CVE-2020-24557 affects Trend Micro Apex One, OfficeScan, and Worry‑Free Business Security on Windows. The issue is an improper access control that allows an attacker who can run low‑privilege code to manipulate a protected product folder, disable security temporarily, abuse a Windows function, an...

7.8CVSS7.7AI score0.02639EPSS
In wild
CVE
CVE
added 2020/03/18 12:30 a.m.944 views

CVE-2020-8599

CVE-2020-8599 affects Trend Micro Apex One (2019) and OfficeScan XG servers. The issue is in a vulnerable EXE on the server that could let an unauthenticated remote attacker write arbitrary data to an arbitrary path and bypass ROOT login. The description indicates no authentication is required to...

10CVSS9.4AI score0.11576EPSS
In wild
CVE
CVE
added 2020/03/18 12:30 a.m.930 views

CVE-2020-8467

CVE-2020-8467 affects Trend Micro Apex One (2019) and OfficeScan XG via a vulnerability in the migration tool component that enables remote code execution. The attack requires user authentication to be attempted. NVD scoring indicates high impact (CVSSv3.1 base 8.8; HIGH). CISA KEV catalogs this ...

8.8CVSS9.4AI score0.10793EPSS
In wild
CVE
CVE
added 2020/03/18 12:30 a.m.924 views

CVE-2020-8468

CVE-2020-8468 affects Trend Micro Apex One (2019), OfficeScan XG and Worry‑Free Business Security agents. Described as a content validation escape vulnerability that could allow an attacker to manipulate agent client components; an attack requires user authentication. The connected documents prov...

8.8CVSS8.9AI score0.05754EPSS
In wild
CVE
CVE
added 2022/09/19 6:1 p.m.749 views

CVE-2022-40139

CVE-2022-40139 involves improper validation of rollback mechanism components in Trend Micro Apex One and Apex One as a Service. An administrator who has access to the product’s management console can instruct affected clients to download an unverified rollback package, potentially enabling remote...

7.2CVSS7.7AI score0.03054EPSS
In wild
CVE
CVE
added 2023/09/19 1:44 p.m.396 views

CVE-2023-41179

CVE-2023-41179 affects Trend Micro Apex One (on‑prem and SaaS) and Worry‑Free Business Security products, via a vulnerability in the third‑party AV uninstaller module that could allow arbitrary code execution. An attacker must have administrative console access to exploit the issue, and the vulne...

7.2CVSS7.4AI score0.04739EPSS
In wild
CVE
CVE
added 2023/02/01 12:0 a.m.273 views

CVE-2023-0587

CVE-2023-0587 (Trend Micro Apex One) is a file upload vulnerability in Apex One server build 11110. An unauthenticated remote attacker can exploit a malformed Content-Length header in an HTTP PUT to /officescan/console/html/cgi/fcgiOfcDDA.exe to upload arbitrary files into the SampleSubmission di...

9.1CVSS9.3AI score0.59585EPSS
CVE
CVE
added 2025/08/05 1:0 p.m.156 views

CVE-2025-54948

CVE-2025-54948 affects Trend Micro Apex One (on-premise) management console. The vulnerability is an OS command injection that could allow a pre-authenticated remote attacker to upload malicious code and execute commands. Exploitation details are supported by multiple sources in Connected documen...

9.8CVSS7AI score0.2079EPSS
In wild
CVE
CVE
added 2022/02/24 2:45 a.m.115 views

CVE-2022-24678

CVE-2022-24678 affects Trend Micro Apex One and related agents (Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Services). The vulnerability is a denial-of-service caused by resource exhaustion in the agent’s logging path: an attacker can flood a temporary log location by issuing...

7.5CVSS7.4AI score0.02335EPSS
CVE
CVE
added 2020/03/18 12:30 a.m.113 views

CVE-2020-8598

CVE-2020-8598 affects Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security servers (9.0/9.5/10.0). The vulnerability is in a server component: a vulnerable service DLL that could allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges. Publ...

10CVSS9.6AI score0.1324EPSS
In wild
CVE
CVE
added 2020/03/18 12:30 a.m.112 views

CVE-2020-8470

The CVE-2020-8470 entry concerns Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security server components. A vulnerable service DLL on the server could allow an unauthenticated attacker to delete arbitrary files with SYSTEM privileges. Public references indicate this is one o...

9.4CVSS7.8AI score0.04472EPSS
In wild
CVE
CVE
added 2022/09/19 12:0 a.m.110 views

CVE-2022-40144

Trend Micro Apex One and Trend Micro Apex One as a Service are affected by CVE-2022-40144, where an attacker who can access the admin console or the system can bypass login authentication by sending specially crafted requests. The JVN/NVD entries describe a broader set of related vulnerabilities ...

9.8CVSS9.4AI score0.0218EPSS
CVE
CVE
added 2022/02/24 2:45 a.m.105 views

CVE-2022-24680

CVE-2022-24680 affects Trend Micro Apex One family (Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and related service agents). The root cause is a local privilege escalation in the NT Apex One RealTime Scan Service where an attacker can create a mount point, enabling arbi...

7.8CVSS7.9AI score0.00477EPSS
CVE
CVE
added 2022/02/24 2:45 a.m.101 views

CVE-2022-24679

CVE-2022-24679 concerns Trend Micro Apex One and related products (Apex One as a Service, WSB/Security Services agents). The vulnerability exists in the NT Apex One RealTime Scan Service: by abusing a DOS device redirection, a local attacker can create a writable folder in an arbitrary location a...

7.8CVSS7.9AI score0.00477EPSS
CVE
CVE
added 2025/08/05 1:0 p.m.99 views

CVE-2025-54987

CVE-2025-54987 affects Trend Micro Apex One on-premise management console. A pre-authenticated remote attacker can upload malicious code and execute commands due to a shared root cause with CVE-2025-54948, differing only by CPU architecture. Impact is high (remote code execution with network acce...

9.8CVSS7AI score0.17066EPSS
In wild
CVE
CVE
added 2022/10/10 12:0 a.m.95 views

CVE-2022-41745

CVE-2022-41745 affects Trend Micro Apex One (on-premises and Apex One as a Service). It is described as an Out-of-Bounds access vulnerability leading to memory corruption in a service process, enabling local privilege escalation after an attacker gains low-privileged code execution. Connected sou...

7CVSS7.2AI score0.00652EPSS
CVE
CVE
added 2025/03/25 5:37 p.m.94 views

CVE-2024-58104

The CVEs CVE-2024-58104 and CVE-2024-58105 describe a local privilege bypass in Trend Micro Apex One Security Agent Plug-in User Interface Manager that could allow an attacker with low-privilege code execution to bypass security and run arbitrary code on affected installations. Exploitation is de...

7.8CVSS7.8AI score0.00155EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.83 views

CVE-2021-25232

This CVE (CVE-2021-25232) affects Trend Micro Apex One (on‑prem and SaaS) and OfficeScan XG SP1. The issue is an improper access control that allows an unauthenticated user to obtain information about the SQL database. ZDI indicates remote exploitation via the web console (default port 4343), ena...

5.3CVSS5.5AI score0.02026EPSS
CVE
CVE
added 2022/09/19 6:1 p.m.83 views

CVE-2022-40140

CVE-2022-40140 affects Trend Micro Apex One and Apex One as a Service. It is an origin validation error that can allow a local attacker with low-privilege code execution to cause a denial-of-service on affected installations. According to the provided sources, fixes are in August 2022 updates: On...

5.5CVSS5.9AI score0.00431EPSS
CVE
CVE
added 2023/06/26 9:56 p.m.83 views

CVE-2023-32556

Trend Micro Apex One and Apex One as a Service agent are affected by CVE-2023-32556, a link-following vulnerability that could allow a local attacker to disclose sensitive information. The issue requires the attacker to obtain the ability to execute low-privileged code on the target system. The N...

5.5CVSS5.4AI score0.00286EPSS
CVE
CVE
added 2023/06/26 9:58 p.m.83 views

CVE-2023-34146

Trend Micro Apex One and Apex One as a Service security agent are affected by CVE-2023-34146, described as an exposed dangerous function vulnerability that could allow a local attacker to escalate privileges and write an arbitrary value to specific agent subkeys. The vulnerability requires the at...

7.8CVSS7.6AI score0.00234EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.77 views

CVE-2021-25246

CVE-2021-25246 concerns Trend Micro Apex One (including Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security) where an improper access control information disclosure allows an unauthenticated attacker to create a bogus agent on an affected server to perform valid configurati...

6.5CVSS6.2AI score0.01742EPSS
CVE
CVE
added 2021/08/04 6:29 p.m.77 views

CVE-2021-32465

CVE-2021-32465 is an authenticated bypass vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1. Affected component is the patching/permissions handling where permissions are not preserved during certain operations, enabling a remote attacker to bypass authentication....

8.8CVSS8.9AI score0.04341EPSS
CVE
CVE
added 2021/08/04 6:29 p.m.76 views

CVE-2021-32464

CVE-2021-32464 is a local privilege-escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services. The issue arises from incorrect permission assignments on a resource (script) that an attacker can modify before execution after gaining low-privi...

7.8CVSS7.8AI score0.00589EPSS
CVE
CVE
added 2022/10/10 12:0 a.m.76 views

CVE-2022-41749

CVE-2022-41749 is an origin validation error affecting Trend Micro Apex One agents, enabling local privilege escalation if an attacker can run low-privilege code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user- or attacker-side conditions to ...

7.8CVSS7.7AI score0.00182EPSS
CVE
CVE
added 2023/06/26 9:58 p.m.76 views

CVE-2023-34147

The CVE-2023-34147 entry concerns Trend Micro Apex One and Apex One as a Service security agent. A vulnerability described as an exposed dangerous function could allow a local attacker, who must first obtain the ability to execute low-privileged code, to escalate privileges and write an arbitrary...

7.8CVSS7.6AI score0.00234EPSS
CVE
CVE
added 2019/10/28 7:28 p.m.75 views

CVE-2019-18189

CVE-2019-18189 is a directory-traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) that can bypass authentication and allow an attacker to log on to the product management console as root without authentication. Affected products and ...

10CVSS9.4AI score0.04538EPSS
CVE
CVE
added 2024/06/10 9:21 p.m.75 views

CVE-2024-36307

Trend Micro Apex One and Apex One as a Service are affected by CVE-2024-36307, an information-disclosure vulnerability that can be triggered by a local attacker who first has low-privilege code execution. Several sources describe the root cause as related to improper link handling/“link following...

5.5CVSS6.5AI score0.0078EPSS
CVE
CVE
added 2020/09/01 6:55 p.m.74 views

CVE-2020-24556

Summary (CVE-2020-24556 family) : Affected Trend Micro products running on Windows (Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1/Services). The core issue is a privilege-escalation/vector via creating a hard link to arbitrary files, enabling code execution after an attacker ga...

7.8CVSS7.9AI score0.00776EPSS
CVE
CVE
added 2020/09/28 11:30 p.m.74 views

CVE-2020-24564

CVE-2020-24564 is an out-of-bounds read information disclosure affecting Trend Micro Apex One. The connected Red Hat CVEs and NVD entry describe a local, low-privilege path to read memory and reveal sensitive information on vulnerable installations. The vulnerability requires the attacker to exec...

5.5CVSS5.3AI score0.01346EPSS
CVE
CVE
added 2024/06/10 9:21 p.m.74 views

CVE-2024-36305

CVE-2024-36305 concerns a local privilege-escalation in Trend Micro Apex One (on-premise/Apex One as a service) via a security agent link following vulnerability. The issue enables a local attacker, who already has low-privilege code execution, to escalate privileges on affected installations. Th...

7.8CVSS7.2AI score0.00889EPSS
CVE
CVE
added 2024/12/31 4:11 p.m.74 views

CVE-2024-52048

The connected Red Hat and NVD entries confirm CVE-2024-52048 affects Trend Micro Apex One via a LogServer link vulnerability that allows local privilege escalation. An attacker must first execute low-privileged code on the target system; no public exploit details or affected version/patch informa...

7.8CVSS7.7AI score0.00324EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.73 views

CVE-2021-25248

CVE-2021-25248 affects Trend Micro Apex One (on‑prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1/Services). The root cause is an out‑of‑bounds read due to insufficient validation in the vulnerable component (TmCCSF.exe per ZDI-21-118), allowing a local attacker with c...

5.5CVSS5.3AI score0.00887EPSS
CVE
CVE
added 2022/07/29 11:15 p.m.73 views

CVE-2022-36336

CVE-2022-36336 involves a local privilege-escalation in Trend Micro Apex One and Worry-Free Business Security agents caused by a link-following vulnerability in the scanning function. The available details identify the vulnerable component as the scanning service path in these products (notably t...

7.8CVSS7.6AI score0.00546EPSS
CVE
CVE
added 2023/06/26 9:56 p.m.73 views

CVE-2023-32553

Technical details about CVE-2023-32553 are not publicly provided in the connected documents. The initial description notes an access-control issue in Trend Micro Apex One/Apex One as a Service, but no specifics on affected versions, root cause, or remediation are included. Monitor for updates.

5.3CVSS5AI score0.00625EPSS
CVE
CVE
added 2024/12/31 4:16 p.m.73 views

CVE-2024-55917

CVE-2024-55917 is a local privilege escalation in Trend Micro Apex One caused by an origin validation error. The issue allows a local attacker who can run low-privilege code to escalate to SYSTEM, with the attack surface tied to the Apex One components and services referenced in the linked adviso...

7.8CVSS7.2AI score0.00255EPSS
CVE
CVE
added 2019/10/28 7:28 p.m.72 views

CVE-2019-18188

CVE-2019-18188 affects Trend Micro Apex One (on‑premise). A command-injection vulnerability allows an attacker to extract files from an arbitrary zip into a server folder, potentially enabling remote code execution. The remote process runs under the IUSR account, which has restricted permissions....

7.5CVSS7.9AI score0.04661EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.72 views

CVE-2021-25234

CVE-2021-25234 is an improper access control vulnerability affecting Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1. The connected sources describe an unauthenticated attacker being able to obtain information about a specific notification con...

5.3CVSS5.1AI score0.02067EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.72 views

CVE-2021-25241

Trend Micro CVE-2021-25241 is an SSRF information-disclosure vulnerability affecting Apex One and Worry-Free Business Security 10.0 SP1. Unauthenticated attackers could locate online agents by sweeping the affected web console. The ZDI advisory notes the flaw stems from improper access control in...

5.3CVSS5.1AI score0.01873EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.72 views

CVE-2021-25243

The CVE-2021-25243 entry describes an improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 that could allow an unauthenticated attacker to obtain patch level information. Connected documents confirm concrete...

5.3CVSS5.2AI score0.02153EPSS
CVE
CVE
added 2023/06/26 9:58 p.m.72 views

CVE-2023-34148

Overview. The CVE concerns Trend Micro Apex One and Apex One as a Service security agent, described as an exposed dangerous function vulnerability that could enable a local attacker to escalate privileges and write an arbitrary value to specific agent subkeys. The threat requires the attacker to ...

7.8CVSS7.6AI score0.00234EPSS
CVE
CVE
added 2024/06/10 9:20 p.m.72 views

CVE-2024-36302

Affected product/tech : Trend Micro Apex One security agent. Vulnerability type and root cause : Local privilege escalation via an origin validation error in the Apex One security agent (CVE-2024-36302). The vulnerability exploits an origin validation weakness to elevate privileges on the host. I...

7.8CVSS7.2AI score0.00552EPSS
CVE
CVE
added 2020/09/28 11:30 p.m.71 views

CVE-2020-24565

Trend Micro Apex One is affected by CVE-2020-24565, an out-of-bounds read information disclosure vulnerability. The issue allows a local attacker who already has low-privileged code execution to disclose sensitive information on vulnerable installations. The Red Hat CVE entries (CVE-2020-24564, C...

5.5CVSS5.3AI score0.01346EPSS
CVE
CVE
added 2022/12/01 2:12 p.m.71 views

CVE-2022-45797

Summary (CVE-2022-45797): A local arbitrary-file-deletion vulnerability in Trend Micro’s Damage Cleanup Engine affects Trend Micro Apex One and Apex One as a Service. The issue allows a local attacker to escalate privileges and delete files on vulnerable installations, requiring initial low-privi...

7.1CVSS7.5AI score0.00649EPSS
CVE
CVE
added 2021/02/04 7:36 p.m.70 views

CVE-2021-25249

CVE-2021-25249 involves an out-of-bounds write information disclosure in Trend Micro Apex One (on‑prem and SaaS), OfficeScan XG SP1, and Worry‑Free Business Security (10.0 SP1/Services). The connected ZDI advisory details a local privilege escalation flaw in the TmCCSF.exe component, caused by la...

7.8CVSS7.5AI score0.00426EPSS
CVE
CVE
added 2022/05/26 11:25 p.m.70 views

CVE-2022-30700

CVE-2022-30700 concerns Trend Micro Apex One and Apex One as a Service. The vulnerability is an incorrect permission assignment that lets a local attacker load a DLL with escalated privileges, requiring initial low-privilege code execution. The issue affects Apex One products and can lead to priv...

7.8CVSS7.6AI score0.00304EPSS
CVE
CVE
added 2022/09/19 6:1 p.m.70 views

CVE-2022-40143

CVE-2022-40143 is a local privilege-escalation in Trend Micro Apex One and Apex One as a Service, caused by improper link resolution before file access (CWE-59). A low-privilege attacker who can run code on the target can abuse an insecure directory to execute arbitrary code with elevated privile...

7.3CVSS7.6AI score0.00444EPSS
Total number of security vulnerabilities180