Product:

Apex_one

(Trendmicro)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 143
Date Id Summary Products Score Patch Annotated
2023-03-10 CVE-2023-25144 An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. Apex_one 7.8
2023-03-10 CVE-2023-25145 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apex_one 7.8
2023-03-10 CVE-2023-25146 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apex_one 7.8
2023-03-10 CVE-2023-25147 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. Apex_one 6.7
2023-03-10 CVE-2023-25148 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apex_one 7.8
2023-03-10 CVE-2023-25143 An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. Apex_one 9.8
2020-03-18 CVE-2020-8468 Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Apex_one, Officescan, Worry\-Free_business_security 8.8
2021-07-29 CVE-2021-36742 A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Apex_one, Officescan, Officescan_business_security, Worry\-Free_business_security 7.8
2020-03-18 CVE-2020-8599 Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability. Apex_one, Officescan 9.8
2020-09-01 CVE-2020-24557 A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard... Apex_one, Worry\-Free_business_security 7.8