Lucene search

K
TrendmicroApex One

147 matches found

CVE
CVE
added 2022/03/29 9:15 p.m.1098 views

CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

9.8CVSS9.8AI score0.08567EPSS
CVE
CVE
added 2021/07/29 8:15 p.m.1071 views

CVE-2021-36741

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the pr...

8.8CVSS8.6AI score0.00799EPSS
CVE
CVE
added 2021/07/29 8:15 p.m.1055 views

CVE-2021-36742

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

7.8CVSS7.9AI score0.01032EPSS
CVE
CVE
added 2020/09/01 7:15 p.m.974 views

CVE-2020-24557

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtai...

7.8CVSS7.7AI score0.01017EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.920 views

CVE-2020-8599

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

10CVSS9.4AI score0.5842EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.908 views

CVE-2020-8467

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.

8.8CVSS9.4AI score0.07689EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.903 views

CVE-2020-8468

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

8.8CVSS8.9AI score0.04484EPSS
CVE
CVE
added 2022/09/19 6:15 p.m.693 views

CVE-2022-40139

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution....

7.2CVSS7.7AI score0.18386EPSS
CVE
CVE
added 2023/09/19 2:15 p.m.348 views

CVE-2023-41179

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that a...

7.2CVSS7.4AI score0.0151EPSS
CVE
CVE
added 2023/02/01 3:15 a.m.241 views

CVE-2023-0587

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (...

9.1CVSS9.3AI score0.21872EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.98 views

CVE-2020-8598

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit t...

10CVSS9.6AI score0.08463EPSS
CVE
CVE
added 2022/02/24 3:15 a.m.97 views

CVE-2022-24678

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location ...

7.5CVSS7.4AI score0.00635EPSS
CVE
CVE
added 2020/03/18 1:15 a.m.96 views

CVE-2020-8470

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

9.4CVSS7.8AI score0.01122EPSS
CVE
CVE
added 2022/02/24 3:15 a.m.83 views

CVE-2022-24679

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in ...

7.8CVSS7.9AI score0.00047EPSS
CVE
CVE
added 2022/02/24 3:15 a.m.83 views

CVE-2022-24680

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leve...

7.8CVSS7.9AI score0.00047EPSS
CVE
CVE
added 2022/09/19 6:15 p.m.77 views

CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.

9.8CVSS9.4AI score0.0016EPSS
CVE
CVE
added 2022/09/19 6:15 p.m.65 views

CVE-2022-40140

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to expl...

5.5CVSS5.9AI score0.00092EPSS
CVE
CVE
added 2023/06/26 10:15 p.m.64 views

CVE-2023-32556

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabilit...

5.5CVSS5.4AI score0.00045EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.63 views

CVE-2021-25246

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration quer...

6.5CVSS6.2AI score0.00356EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.61 views

CVE-2021-25232

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.

5.3CVSS5.5AI score0.0038EPSS
CVE
CVE
added 2019/10/28 8:15 p.m.60 views

CVE-2019-18188

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR ...

7.5CVSS7.9AI score0.02677EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute...

7.8CVSS7.8AI score0.00094EPSS
CVE
CVE
added 2021/08/04 7:15 p.m.59 views

CVE-2021-32465

An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privilege...

8.8CVSS8.9AI score0.04599EPSS
CVE
CVE
added 2022/05/27 12:15 a.m.58 views

CVE-2022-30700

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target syst...

7.8CVSS7.6AI score0.00045EPSS
CVE
CVE
added 2023/06/26 10:15 p.m.58 views

CVE-2023-34146

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obta...

7.8CVSS7.6AI score0.00091EPSS
CVE
CVE
added 2019/10/28 8:15 p.m.57 views

CVE-2019-18189

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

10CVSS9.4AI score0.00595EPSS
CVE
CVE
added 2022/05/27 12:15 a.m.56 views

CVE-2022-30701

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the abi...

7.8CVSS7.6AI score0.00052EPSS
CVE
CVE
added 2023/06/26 10:15 p.m.56 views

CVE-2023-34147

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obta...

7.8CVSS7.6AI score0.00091EPSS
CVE
CVE
added 2020/09/29 12:15 a.m.55 views

CVE-2020-24565

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ta...

5.5CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25233

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.

5.3CVSS5AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25234

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.

5.3CVSS5.1AI score0.00343EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.55 views

CVE-2021-25241

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.

5.3CVSS5.1AI score0.00421EPSS
CVE
CVE
added 2022/07/30 12:15 a.m.55 views

CVE-2022-36336

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an up...

7.8CVSS7.6AI score0.00056EPSS
CVE
CVE
added 2022/10/10 9:15 p.m.55 views

CVE-2022-41744

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ...

7CVSS6.9AI score0.00044EPSS
CVE
CVE
added 2020/09/29 12:15 a.m.54 views

CVE-2020-24564

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ta...

5.5CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2022/12/12 9:15 a.m.54 views

CVE-2022-45797

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to exe...

7.1CVSS7.5AI score0.00446EPSS
CVE
CVE
added 2023/06/26 10:15 p.m.54 views

CVE-2023-32553

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.

5.3CVSS5AI score0.00251EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25243

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.53 views

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain...

5.5CVSS5.3AI score0.00148EPSS
CVE
CVE
added 2023/06/26 10:15 p.m.53 views

CVE-2023-34148

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obta...

7.8CVSS7.6AI score0.00091EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25229

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.

5.3CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2021/02/04 8:15 p.m.52 views

CVE-2021-25249

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obta...

7.8CVSS7.5AI score0.0008EPSS
CVE
CVE
added 2022/12/12 1:15 p.m.52 views

CVE-2022-44651

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7CVSS7AI score0.00052EPSS
CVE
CVE
added 2024/06/10 10:15 p.m.52 views

CVE-2024-36307

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the targ...

5.5CVSS6.5AI score0.00035EPSS
CVE
CVE
added 2022/10/10 9:15 p.m.51 views

CVE-2022-41747

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in o...

7.8CVSS7.6AI score0.0004EPSS
CVE
CVE
added 2022/12/24 12:15 a.m.51 views

CVE-2022-45798

A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain th...

7.8CVSS7.7AI score0.00061EPSS
CVE
CVE
added 2024/06/10 10:15 p.m.51 views

CVE-2024-36306

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the tar...

6.1CVSS7AI score0.00065EPSS
CVE
CVE
added 2024/06/10 10:15 p.m.51 views

CVE-2024-37289

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2019/04/05 11:29 p.m.50 views

CVE-2019-9489

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.

7.5CVSS7.5AI score0.00566EPSS
CVE
CVE
added 2020/09/29 12:15 a.m.50 views

CVE-2020-24563

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged co...

7.8CVSS8AI score0.00107EPSS
Total number of security vulnerabilities147