Apex One
by Trend Micro
CVEs (171)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28583 | Med | 0.35 | 5.3 | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | ||
| CVE-2020-28582 | Med | 0.35 | 5.3 | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | ||
| CVE-2020-28577 | Med | 0.35 | 5.3 | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | ||
| CVE-2020-28576 | Med | 0.35 | 5.3 | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | ||
| CVE-2020-28573 | Med | 0.35 | 5.3 | 0.03 | Dec 1, 2020 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | ||
| CVE-2023-32553 | Med | 0.34 | 5.3 | 0.00 | Jun 26, 2023 | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | ||
| CVE-2019-19691 | Med | 0.32 | 4.9 | 0.01 | Dec 20, 2019 | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this… | ||
| CVE-2024-36307 | Med | 0.31 | 4.7 | 0.01 | Jun 10, 2024 | A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute… | ||
| CVE-2020-25774 | Med | 0.28 | 4.3 | 0.02 | Sep 29, 2020 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this… | ||
| CVE-2025-54948 | 0.13 | — | 0.20 | KEV | Aug 5, 2025 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | ||
| CVE-2025-54987 | 0.00 | — | 0.17 | Aug 5, 2025 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different… |
- risk 0.35cvss 5.3epss 0.03
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
- risk 0.35cvss 5.3epss 0.03
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
- risk 0.35cvss 5.3epss 0.03
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
- risk 0.35cvss 5.3epss 0.03
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
- risk 0.35cvss 5.3epss 0.03
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
- risk 0.34cvss 5.3epss 0.00
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.
- risk 0.32cvss 4.9epss 0.01
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this…
- risk 0.31cvss 4.7epss 0.01
A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute…
- risk 0.28cvss 4.3epss 0.02
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this…
- risk 0.13cvss —epss 0.20
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
- CVE-2025-54987Aug 5, 2025risk 0.00cvss —epss 0.17
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different…
Page 9 of 9