Trend Micro Apex One Multiple Vulnerabilities

Release Date: 14 Sep 2022

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Trend Micro Apex One. An attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, information disclosure, security restriction bypass and Denial of Service on the targeted system.

Note:
CVE-2022-40139 is being exploited in the wild.

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.

An attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.


Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Trend Micro Apex One - 2019 (On-prem)
  • Trend Micro Apex One as a Service (SaaS)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link