Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Apex_one
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 136 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-10 | CVE-2021-45441 | A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-05-27 | CVE-2022-30700 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one | 7.8 | ||
| 2022-05-27 | CVE-2022-30701 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one | 7.8 | ||
| 2020-09-01 | CVE-2020-24556 | A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build... | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-02-24 | CVE-2022-24679 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit... | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-02-24 | CVE-2022-24680 | A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the... | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-02-24 | CVE-2022-24678 | An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.5 | ||
| 2022-01-10 | CVE-2021-44024 | A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.1 | ||
| 2022-01-10 | CVE-2021-45440 | A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.8 | ||
| 2022-01-10 | CVE-2021-45442 | A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Apex_one, Worry\-Free_business_security, Worry\-Free_business_security_services | 7.1 |