Trend Micro Apex One Multiple Vulnerabilities
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Trend Micro Apex One. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, information disclosure, security restriction bypass and Denial of Service on the targeted system.
CVE-2022-40139 is being exploited in the wild.
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.
An attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
- Denial of Service
- Security Restriction Bypass
System / Technologies affected
- Trend Micro Apex One - 2019 (On-prem)
- Trend Micro Apex One as a Service (SaaS)
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply fixes issued by the vendor: