CVSS: 8.3EPSS: 35%CPEs: 5EXPL: 0CVE-2023-41179 – Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41179
19 Sep 2023 — A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. Una vulnerabilidad en el módulo de desinstalación AV de terceros contenido en Trend Micro Ape... • https://jvn.jp/en/vu/JVNVU90967486 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36336 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-36336
28 Jul 2022 — A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. Una vulnerabilidad de seguimiento de enlaces en la función scanning d... • https://success.trendmicro.com/solution/000291267 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24678 – Trend Micro Apex One Security Agent Resource Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24678
16 Feb 2022 — An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. Una vulnerabilidad de denegación de servicio por agotamiento de recursos del agente de seguridad en los agentes Trend Micro Apex One, Trend Micro Apex One as a... • https://success.trendmicro.com/solution/000290464 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24679 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24679
16 Feb 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili... • https://success.trendmicro.com/solution/000290464 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24680 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24680
16 Feb 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord... • https://success.trendmicro.com/solution/000290464 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23805 – Trend Micro Worry-Free Business Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23805
31 Jan 2022 — A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Worry-Free Business Security Server podría permitir a un a... • https://success.trendmicro.com/solution/000290416 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45231 – Trend Micro Apex One Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45231
06 Jan 2022 — A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios... • https://success.trendmicro.com/solution/000289996 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45441 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45441
06 Jan 2022 — A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de error de comprobación de origen en Trend Micro Apex One (on-prem y SaaS) podría permitir a un atacante ... • https://success.trendmicro.com/solution/000289996 • CWE-346: Origin Validation Error •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-44024 – Trend Micro Apex One Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-44024
06 Jan 2022 — A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de denegación de servicio en Trend Micro Apex One (on-prem y SaaS) y Trend Micro Worry-Free Business ... • https://success.trendmicro.com/solution/000289996 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45440 – Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45440
06 Jan 2022 — A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de privilegios no necesarios en Trend Micro Apex One y Trend Micro Worry-Free Business Security ... • https://success.trendmicro.com/solution/000289996 • CWE-269: Improper Privilege Management •