Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
TrendmicroApex One

9 matches found

CVE
CVE•added 2022/03/29 9:15 p.m.•1128 views

CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

9.8CVSS9.8AI score0.08567EPSS
In wild
CVE
CVE•added 2023/02/01 3:15 a.m.•255 views

CVE-2023-0587

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (...

9.1CVSS9.3AI score0.26562EPSS
CVE
CVE•added 2020/03/18 1:15 a.m.•97 views

CVE-2020-8470

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.

9.4CVSS7.8AI score0.01122EPSS
In wild
CVE
CVE•added 2025/08/05 1:15 p.m.•87 views

CVE-2025-54948

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

9.8CVSS7AI score0.20736EPSS
In wild
CVE
CVE•added 2022/09/19 6:15 p.m.•80 views

CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.

9.8CVSS9.4AI score0.0016EPSS
CVE
CVE•added 2023/03/10 9:15 p.m.•49 views

CVE-2023-25143

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.

9.8CVSS9.5AI score0.02342EPSS
CVE
CVE•added 2023/06/26 10:15 p.m.•43 views

CVE-2023-32557

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.

9.8CVSS9.8AI score0.0534EPSS
CVE
CVE•added 2022/10/10 9:15 p.m.•38 views

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in ord...

9.1CVSS9.2AI score0.00203EPSS
CVE
CVE•added 2025/08/05 1:15 p.m.•31 views

CVE-2025-54987

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

9.8CVSS7AI score0.20736EPSS