Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Apex_one
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 147 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-10 | CVE-2024-36306 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one | 5.5 | ||
| 2019-04-05 | CVE-2019-9489 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | Apex_one, Apex_one_as_a_service, Business_security, Officescan, Worry\-Free_business_security | 7.5 | ||
| 2019-10-28 | CVE-2019-18188 | Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication. | Apex_one | 7.5 | ||
| 2019-12-20 | CVE-2019-19692 | Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected. | Apex_one | N/A | ||
| 2019-12-20 | CVE-2019-19691 | A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability. | Apex_one, Officescan | N/A | ||
| 2019-10-28 | CVE-2019-18189 | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | Apex_one, Officescan, Worry\-Free_business_security | N/A |