Total
140 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30902 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.5 MEDIUM |
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | |||||
CVE-2023-34144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | |||||
CVE-2023-32557 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 9.8 CRITICAL |
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | |||||
CVE-2023-32552 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.3 MEDIUM |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | |||||
CVE-2023-34145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | |||||
CVE-2023-32555 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.0 HIGH |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | |||||
CVE-2023-32554 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.0 HIGH |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | |||||
CVE-2023-32553 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.3 MEDIUM |
An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | |||||
CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.5 MEDIUM |
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-34148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | |||||
CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
CVE-2022-44653 | 1 Trendmicro | 1 Apex One | 2023-12-10 | N/A | 7.8 HIGH |
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-25143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 9.8 CRITICAL |
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | |||||
CVE-2023-25146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-44651 | 1 Trendmicro | 1 Apex One | 2023-12-10 | N/A | 7.0 HIGH |
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-45798 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-25145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-44648 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 5.5 MEDIUM |
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647. | |||||
CVE-2022-44649 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2023-12-10 | N/A | 7.8 HIGH |
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2023-0587 | 1 Trendmicro | 1 Apex One | 2023-12-10 | N/A | 9.1 CRITICAL |
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. |