CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41744 – Trend Micro Apex One Vulnerability Protection Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41744
07 Oct 2022 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad del componente integrado Trend Micro Apex One Vulnerability Protection podría permitir a un at... • https://success.trendmicro.com/solution/000291645 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41749 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-41749
07 Oct 2022 — An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de error de comprobación de origen en los agentes Trend Micro Apex One podría permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener prime... • https://success.trendmicro.com/solution/000291645 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40141
https://notcve.org/view.php?id=CVE-2022-40141
19 Sep 2022 — A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server. Una vulnerabilidad en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante interceptar y decodificar determinadas cadenas de comunicación que pueden contener algunos atributos de identificación de un servidor Apex One en particular • https://success.trendmicro.com/solution/000291528 •
CVSS: 8.3EPSS: 2%CPEs: 3EXPL: 0CVE-2022-40139 – Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40139
19 Sep 2022 — Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability. Una comprobación inapropiada de algunos componentes usados por el mecanismo de reve... • https://success.trendmicro.com/solution/000291528 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40144
https://notcve.org/view.php?id=CVE-2022-40144
19 Sep 2022 — A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. Una vulnerabilidad en Trend Micro Apex One y Trend Micro Apex One as a Service podría permitir a un atacante omitir la autenticación de inicio de sesión del producto al falsificar los parámetros de petición en las instalaciones afectadas • https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40142 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40142
14 Sep 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un enlace de seguridad que sigue a la vulnerabilidad de escalada de privilegios local en los age... • https://success.trendmicro.com/solution/000291528 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2022-40140 – Trend Micro Apex One Origin Validation Error Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-40140
14 Sep 2022 — An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de error de comprobación de origen en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local causar una denegación de servicio en las instalacio... • https://github.com/ipsBruno/CVE-2022-40140-SCANNER • CWE-346: Origin Validation Error •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40143 – Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-40143
14 Sep 2022 — A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios local en los servidores de Trend Micro Apex ... • https://success.trendmicro.com/solution/000291528 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36336 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36336
28 Jul 2022 — A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. Una vulnerabilidad de seguimiento de enlaces en la función scanning d... • https://success.trendmicro.com/solution/000291267 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30700 – Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30700
26 May 2022 — An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de asignación de permisos incorrecta en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local cargar una DLL con privilegios... • https://success.trendmicro.com/solution/000291008 • CWE-732: Incorrect Permission Assignment for Critical Resource •