This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Trendmicro First view 2019-04-05
Product Apex One Last view 2023-03-10
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:* 80
cpe:2.3:a:trendmicro:apex_one:saas:*:*:*:*:*:*:* 30
cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:* 28
cpe:2.3:a:trendmicro:apex_one:-:*:*:*:*:saas:*:* 25
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:* 21
cpe:2.3:a:trendmicro:apex_one:-:-:*:*:*:*:*:* 19
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:* 18
cpe:2.3:a:trendmicro:apex_one:b1066:*:*:*:*:*:*:* 17
cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:* 17
cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:* 14
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:-:*:*:* 10

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2023-03-10 CVE-2023-25148

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

6.7 2023-03-10 CVE-2023-25147

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.

7.8 2023-03-10 CVE-2023-25146

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8 2023-03-10 CVE-2023-25145

A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8 2023-03-10 CVE-2023-25144

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.

9.8 2023-03-10 CVE-2023-25143

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.

9.1 2023-02-01 CVE-2023-0587

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.

7.8 2022-12-24 CVE-2022-45798

A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.1 2022-12-12 CVE-2022-45797

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.5 2022-12-12 CVE-2022-44654

Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.

7.8 2022-12-12 CVE-2022-44653

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8 2022-12-12 CVE-2022-44652

An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7 2022-12-12 CVE-2022-44651

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8 2022-12-12 CVE-2022-44650

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7.8 2022-12-12 CVE-2022-44649

An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

5.5 2022-12-12 CVE-2022-44648

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44647.

5.5 2022-12-12 CVE-2022-44647

An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.

7.8 2022-10-10 CVE-2022-41749

An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

6.7 2022-10-10 CVE-2022-41748

A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.

7.8 2022-10-10 CVE-2022-41747

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

9.1 2022-10-10 CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

7 2022-10-10 CVE-2022-41745

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

7 2022-10-10 CVE-2022-41744

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

9.8 2022-09-19 CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.

7.3 2022-09-19 CVE-2022-40143

A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
16% (13) CWE-59 Improper Link Resolution Before File Access ('Link Following')
14% (11) CWE-125 Out-of-bounds Read
8% (7) CWE-269 Improper Privilege Management
7% (6) CWE-732 Incorrect Permission Assignment for Critical Resource
7% (6) CWE-427 Uncontrolled Search Path Element
5% (4) CWE-787 Out-of-bounds Write
3% (3) CWE-346 Origin Validation Error
3% (3) CWE-276 Incorrect Default Permissions
3% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (2) CWE-434 Unrestricted Upload of File with Dangerous Type
2% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (2) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
2% (2) CWE-287 Improper Authentication
2% (2) CWE-20 Improper Input Validation
1% (1) CWE-755 Improper Handling of Exceptional Conditions
1% (1) CWE-617 Reachable Assertion
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-425 Direct Request ('Forced Browsing')
1% (1) CWE-415 Double Free
1% (1) CWE-326 Inadequate Encryption Strength
1% (1) CWE-306 Missing Authentication for Critical Function
1% (1) CWE-295 Certificate Issues
1% (1) CWE-281 Improper Preservation of Permissions
1% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...