Trend Micro Apex One Multiple Vulnerabilities

Release Date: 14 Sep 2022 5996 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Trend Micro Apex One. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, information disclosure, security restriction bypass and Denial of Service on the targeted system.

 

Note:
CVE-2022-40139 is being exploited in the wild.

 

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.

 

An attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Trend Micro Apex One - 2019 (On-prem)
  • Trend Micro Apex One as a Service (SaaS)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

Trend MicroElevation of PrivilegeDenial of ServiceInformation DisclosureRemote Code ExecutionSecurity Restriction BypassExploit In The Wild

Share with

Previous

Zoom Products Multiple Vulnerabilities

14 Sep 2022 4557 Views

Next

Microsoft Monthly Security Update (September 2022)

14 Sep 2022 5874 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY