CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41745 – Trend Micro Apex One Security Agent Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41745
07 Oct 2022 — An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de acceso fuera de límites en Trend Micro Apex One podría permitir a un atacante local ... • https://success.trendmicro.com/solution/000291645 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41746 – Trend Micro Apex One Forced Browsing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41746
07 Oct 2022 — A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. Una vulnerabilidad de navegación forzada en Trend Micro Apex One podría permitir a un atacante con acceso a la consola de Apex One en las instalaciones afectadas escalar privilegi... • https://success.trendmicro.com/solution/000291645 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41747 – Trend Micro Apex One Security Agent Improper Certificate Validation Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41747
07 Oct 2022 — An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de comprobación de certificación inapropiada en los agentes de Trend Micro Apex One podría permitir a un atacante local cargar un archivo DLL con privilegios ... • https://success.trendmicro.com/solution/000291645 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41749 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41749
07 Oct 2022 — An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de error de comprobación de origen en los agentes Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener prime... • https://success.trendmicro.com/solution/000291645 • CWE-346: Origin Validation Error •
CVSS: 4.4EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40707 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40707
23 Sep 2022 — An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708. Una vulnerabilidad de lectura fuera de límites en Trend Micro Deep Security 20 y ... • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40708 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40708
23 Sep 2022 — An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707. Una vulnerabilidad de lectura fuera de límites en Trend Micro Deep Security 20 y ... • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40709 – Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-40709
23 Sep 2022 — An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708. Una vulnerabilidad de lectura fuera de límites en Trend Micro Deep Secu... • https://success.trendmicro.com/solution/000291590 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2022-40710 – Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40710
23 Sep 2022 — A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podría permitir a un atacante local escalar... • https://success.trendmicro.com/solution/000291590 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40980
https://notcve.org/view.php?id=CVE-2022-40980
19 Sep 2022 — A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2. Una posible vulnerabilidad de eliminación de archivos sin autenticación en Trend Micro Mobile Security for Enterprise versión 9.8 SP5, podría permitir a un atacante con acceso al servidor de administración eliminar archivos. Este problema ha sido resuelto en versión 9.8 SP... • https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40141
https://notcve.org/view.php?id=CVE-2022-40141
19 Sep 2022 — A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server. Una vulnerabilidad en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante interceptar y decodificar determinadas cadenas de comunicación que pueden contener algunos atributos de identificación de un servidor Apex One en particular • https://success.trendmicro.com/solution/000291528 •