CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25147
https://notcve.org/view.php?id=CVE-2023-25147
07 Mar 2023 — An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. • https://success.trendmicro.com/solution/000292209 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2023-25143
https://notcve.org/view.php?id=CVE-2023-25143
07 Mar 2023 — An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. • https://success.trendmicro.com/solution/000292209 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25144 – Trend Micro Apex One Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25144
24 Feb 2023 — An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One Security Agent. The specif... • https://success.trendmicro.com/solution/000292209 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25148 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25148
24 Feb 2023 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent... • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25145 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25145
24 Feb 2023 — A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged c... • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25146 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-25146
24 Feb 2023 — A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected in... • https://success.trendmicro.com/solution/000292209 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.4EPSS: 21%CPEs: 1EXPL: 0CVE-2023-0587
https://notcve.org/view.php?id=CVE-2023-0587
01 Feb 2023 — A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. • https://www.tenable.com/security/research/tra-2023-5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48191 – Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-48191
18 Jan 2023 — A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. Existe una vulnerabilidad en Trend Micro Maximum Security 2022 (17.7) en la que un usuario con pocos privilegios puede escribir un ejecutable malicioso conocido ... • https://helpcenter.trendmicro.com/en-us/article/tmka-11252 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45798 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-45798
15 Dec 2022 — A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Un vínculo que sigue a una vulnerabilidad en el componente Damage Cleanup Engine de Trend Micro Apex One y Tren... • https://success.trendmicro.com/solution/000291830 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45797
https://notcve.org/view.php?id=CVE-2022-45797
01 Dec 2022 — An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de eliminación arbitraria de archivos en el componente Damage Cleanup Engine de Trend Micro Apex One y Trend... • https://success.trendmicro.com/solution/000291830 •