Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Trendmicro Subscribe
Total 414 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25148 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25147 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 6.7 MEDIUM
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.
CVE-2023-25146 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25145 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25144 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-16 N/A 7.8 HIGH
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
CVE-2023-25143 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-03-15 N/A 9.8 CRITICAL
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
CVE-2021-36741 2 Microsoft, Trendmicro 5 Windows, Apex One, Officescan and 2 more 2023-03-01 6.5 MEDIUM 8.8 HIGH
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product?s management console in order to exploit this vulnerability.
CVE-2023-0587 1 Trendmicro 1 Apex One 2023-02-07 N/A 9.1 CRITICAL
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.
CVE-2022-48191 2 Microsoft, Trendmicro 2 Windows, Maximum Security 2022 2023-01-26 N/A 7.0 HIGH
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
CVE-2022-45798 2 Microsoft, Trendmicro 2 Windows, Apex One 2023-01-13 N/A 7.8 HIGH
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44651 1 Trendmicro 1 Apex One 2022-12-14 N/A 7.0 HIGH
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44652 1 Trendmicro 1 Apex One 2022-12-14 N/A 7.8 HIGH
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44653 1 Trendmicro 1 Apex One 2022-12-14 N/A 7.8 HIGH
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44654 1 Trendmicro 1 Apex One 2022-12-14 N/A 7.5 HIGH
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.
CVE-2022-45797 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 7.1 HIGH
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44647 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 5.5 MEDIUM
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.
CVE-2022-44648 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 5.5 MEDIUM
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.
CVE-2022-44649 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 7.8 HIGH
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-44650 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-12-13 N/A 7.8 HIGH
A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-41744 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-10-11 N/A 7.0 HIGH
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.