Apex One
by Trend Micro
CVEs (171)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-44651 | Hig | 0.46 | 7.0 | 0.00 | Dec 12, 2022 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the… | ||
| CVE-2022-45797 | Hig | 0.46 | 7.1 | 0.01 | Dec 12, 2022 | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first… | ||
| CVE-2022-41745 | Hig | 0.46 | 7.0 | 0.01 | Oct 10, 2022 | An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an… | ||
| CVE-2022-41744 | Hig | 0.46 | 7.0 | 0.00 | Oct 10, 2022 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker… | ||
| CVE-2021-44024 | Hig | 0.46 | 7.1 | 0.00 | Jan 10, 2022 | A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must… | ||
| CVE-2020-24558 | Hig | 0.46 | 7.1 | 0.01 | Sep 1, 2020 | A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the… | ||
| CVE-2025-49158 | Med | 0.44 | 6.7 | 0.00 | Jun 17, 2025 | An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in… | ||
| CVE-2023-25147 | Med | 0.44 | 6.7 | 0.00 | Mar 10, 2023 | An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain… | ||
| CVE-2021-25246 | Med | 0.42 | 6.5 | 0.02 | Feb 4, 2021 | An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make… | ||
| CVE-2024-36306 | Med | 0.40 | 6.1 | 0.01 | Jun 10, 2024 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute… | ||
| CVE-2019-19692 | Med | 0.40 | 6.1 | 0.01 | Dec 20, 2019 | Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | ||
| CVE-2023-32556 | Med | 0.36 | 5.5 | 0.00 | Jun 26, 2023 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to… | ||
| CVE-2023-30902 | Med | 0.36 | 5.5 | 0.00 | Jun 26, 2023 | A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | ||
| CVE-2022-44648 | Med | 0.36 | 5.5 | 0.01 | Dec 12, 2022 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target… | ||
| CVE-2022-44647 | Med | 0.36 | 5.5 | 0.01 | Dec 12, 2022 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target… | ||
| CVE-2022-40140 | Med | 0.36 | 5.5 | 0.00 | Sep 19, 2022 | An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target… | ||
| CVE-2021-44022 | Med | 0.36 | 5.5 | 0.00 | Dec 3, 2021 | A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in… | ||
| CVE-2021-3848 | Med | 0.36 | 5.5 | 0.00 | Oct 6, 2021 | An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that… | ||
| CVE-2021-28646 | Med | 0.36 | 5.5 | 0.00 | Apr 13, 2021 | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. | ||
| CVE-2021-25248 | Med | 0.36 | 5.5 | 0.01 | Feb 4, 2021 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an… |
- risk 0.46cvss 7.0epss 0.00
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the…
- risk 0.46cvss 7.1epss 0.01
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first…
- risk 0.46cvss 7.0epss 0.01
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an…
- risk 0.46cvss 7.0epss 0.00
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker…
- risk 0.46cvss 7.1epss 0.00
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must…
- risk 0.46cvss 7.1epss 0.01
A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the…
- risk 0.44cvss 6.7epss 0.00
An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…
- risk 0.44cvss 6.7epss 0.00
An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain…
- risk 0.42cvss 6.5epss 0.02
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make…
- risk 0.40cvss 6.1epss 0.01
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute…
- risk 0.40cvss 6.1epss 0.01
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
- risk 0.36cvss 5.5epss 0.00
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…
- risk 0.36cvss 5.5epss 0.00
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
- risk 0.36cvss 5.5epss 0.01
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…
- risk 0.36cvss 5.5epss 0.01
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…
- risk 0.36cvss 5.5epss 0.00
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…
- risk 0.36cvss 5.5epss 0.00
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in…
- risk 0.36cvss 5.5epss 0.00
An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that…
- risk 0.36cvss 5.5epss 0.00
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
- risk 0.36cvss 5.5epss 0.01
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an…
Page 7 of 9