VYPR

Apex One

by Trend Micro

CVEs (171)

  • CVE-2021-25249HigFeb 4, 2021
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an…

  • CVE-2020-28572HigNov 18, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.

  • CVE-2020-25773HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

  • CVE-2020-24563HigSep 29, 2020
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to…

  • CVE-2020-24559HigSep 1, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute…

  • CVE-2020-24556HigSep 1, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a…

  • CVE-2024-52047HigDec 31, 2024
    risk 0.49cvss 7.5epss 0.01

    A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-39753HigOct 22, 2024
    risk 0.49cvss 7.5epss 0.02

    An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2022-44654HigDec 12, 2022
    risk 0.49cvss 7.5epss 0.01

    Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been…

  • CVE-2022-40141HigSep 19, 2022
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.

  • CVE-2022-24678HigFeb 24, 2022
    risk 0.49cvss 7.5epss 0.02

    An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a…

  • CVE-2021-23139HigOct 21, 2021
    risk 0.49cvss 7.5epss 0.01

    A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.

  • CVE-2020-8470HigMar 18, 2020
    risk 0.49cvss 7.5epss 0.04

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this…

  • CVE-2019-18188HigOct 28, 2019
    risk 0.49cvss 7.5epss 0.05

    Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution…

  • CVE-2019-9489HigApr 5, 2019
    risk 0.49cvss 7.5epss 0.02

    A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.

  • CVE-2022-40143HigSep 19, 2022
    risk 0.47cvss 7.3epss 0.00

    A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges.…

  • CVE-2025-71215HigMay 21, 2026
    risk 0.46cvss 7.0epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2025-49156HigJun 17, 2025
    risk 0.46cvss 7.0epss 0.00

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2023-32555HigJun 26, 2023
    risk 0.46cvss 7.0epss 0.00

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2023-32554HigJun 26, 2023
    risk 0.46cvss 7.0epss 0.00

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on…

Page 6 of 9