Page 4 of 138 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de inclusión de archivos locales en el servidor de administración Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One web console. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1621 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de enlace de agente en el agente de seguridad Trend Micro Apex One podría permitir que un atacante local escale privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One NT RealTime Scan service. • https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1611 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 1%CPEs: 5EXPL: 0

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. Una vulnerabilidad en el módulo de desinstalación AV de terceros contenido en Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security y Worry-Free Business Security Services podría permitir a un atacante manipular el módulo para ejecutar comandos arbitrarios afectando la instalación. Tenga en cuenta que un atacante primero debe obtener acceso a la consola administrativa en el sistema de destino para poder aprovechar esta vulnerabilidad. Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. • https://jvn.jp/en/vu/JVNVU90967486 https://success.trendmicro.com/jp/solution/000294706 https://success.trendmicro.com/solution/000294994 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US •