📦 Apex One

A critical vulnerability in Trend Micro Apex One (on-premise) management console allows unauthenticated remote attackers to upload malicious code and execute arbitrary commands on affected systems. Th...

This critical vulnerability allows unauthenticated attackers to upload arbitrary files to Trend Micro Apex One management servers via path traversal, potentially leading to remote code execution with ...

This vulnerability in Trend Micro Apex One Server installer allows attackers to execute arbitrary code remotely by exploiting an uncontrolled search path element. Attackers can place malicious DLLs in...

An unauthenticated remote file upload vulnerability in Trend Micro Apex One allows attackers to upload arbitrary files to the server's SampleSubmission directory. This can lead to denial of service by...

CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that allows unauthenticated remote attackers to upload malicious files to the server. This can lead to remo...

This vulnerability in Trend Micro Apex One Security Agent allows a local attacker with low-privileged access to bypass security controls and execute arbitrary code on affected systems. It affects inst...

This vulnerability in Trend Micro Apex One Security Agent Plug-in User Interface Manager allows a local attacker with low-privileged access to bypass security controls and execute arbitrary code on af...

A local privilege escalation vulnerability in Trend Micro Apex One allows attackers with initial low-privileged access to gain elevated system privileges. This affects organizations using vulnerable v...

This is a local privilege escalation vulnerability in Trend Micro Apex One security software. An attacker with existing low-privileged access on a system can exploit a link following flaw to gain elev...

A local privilege escalation vulnerability in Trend Micro Apex One's LogServer component allows attackers who already have low-privileged access to elevate their privileges on affected systems. This l...

This vulnerability in Trend Micro Apex One's LogServer component allows a local attacker with low-privileged code execution to create arbitrary files, potentially leading to privilege escalation. Affe...

This is an SQL injection vulnerability in Trend Micro Apex One's modOSCE component that allows remote attackers to execute arbitrary code on affected systems. Attackers need low-privileged code execut...

This vulnerability in Trend Micro Apex One allows a local attacker with low-privileged access to escalate privileges on affected systems. Attackers could gain administrative control over the endpoint ...

This CVE describes an origin validation vulnerability in Trend Micro Apex One security agent that allows local attackers to escalate privileges on affected installations. Attackers must first gain low...

A Time-of-Check Time-of-Use (TOCTOU) vulnerability in Trend Micro Apex One and Apex One as a Service agents allows local attackers to escalate privileges on affected systems. Attackers must first have...

This CVE describes a link following vulnerability in Trend Micro Apex One security agent that allows a local attacker to escalate privileges on affected installations. An attacker must first have low-...

This CVE describes a link following vulnerability in Trend Micro Apex One security agent that allows a local attacker to escalate privileges on affected installations. An attacker must first have low-...

This vulnerability in Trend Micro Apex One agent allows a local attacker with low-privileged code execution to abuse the updater to delete arbitrary folders, potentially leading to local privilege esc...

This CVE describes an origin validation vulnerability in Trend Micro Apex One security agent that allows a local attacker with low-privileged code execution to escalate privileges on affected installa...

This CVE describes an origin validation vulnerability in Trend Micro Apex One security agent that allows a local attacker to escalate privileges on affected installations. Attackers must first gain lo...

This CVE describes a local privilege escalation vulnerability in Trend Micro Apex One security agent where an attacker with low-privileged access can elevate privileges on affected systems. The vulner...

This CVE describes an origin validation vulnerability in Trend Micro Apex One security agent that allows local attackers to escalate privileges on affected systems. Attackers must first gain low-privi...

A local privilege escalation vulnerability in Trend Micro Apex One's plug-in manager allows attackers with initial low-privileged access to elevate their privileges on affected systems. This affects T...

This is an untrusted search path vulnerability in Trend Micro Apex One and Apex One as a Service security agents that allows local attackers to escalate privileges on affected systems. Attackers must ...

This vulnerability in Trend Micro Apex One and Apex One as a Service allows a local attacker with low-privileged code execution to escalate privileges and write arbitrary values to specific Trend Micr...

This vulnerability in Trend Micro Apex One and Apex One as a Service allows a local attacker with low-privileged code execution to escalate privileges and write arbitrary values to specific Trend Micr...

This CVE describes a Time-of-Check Time-of-Use (TOCTOU) vulnerability in Trend Micro Apex One and Apex One as a Service agents that allows local attackers to escalate privileges. Attackers must first ...

This CVE describes a local privilege escalation vulnerability in Trend Micro Apex One's scanning function. An attacker with low-privileged access can exploit improper link following to gain elevated s...

This vulnerability in Trend Micro Apex One allows a local attacker with low-privileged access to escalate privileges by manipulating file links. Attackers can change specific files into pseudo-symlink...

This vulnerability allows a local attacker with existing low-privileged access to escalate privileges by loading a malicious DLL with incorrect permissions in Trend Micro Apex One products. It affects...

This vulnerability allows attackers to flood temporary log locations in Trend Micro security agents, consuming all disk space and causing denial-of-service. Affected products include Trend Micro Apex ...

This vulnerability allows a local attacker with low-privileged code execution to escalate privileges by creating mount points and deleting arbitrary folders in Trend Micro security products. Affected ...

This vulnerability in Trend Micro Apex One allows a local attacker with initial low-privileged access to manipulate a specially crafted file and issue commands via a named pipe, leading to privilege e...

A null pointer dereference vulnerability in Trend Micro Apex One and Worry-Free Business Security allows attackers to crash the CGI program on affected installations. This could lead to denial of serv...

A stack-based buffer overflow vulnerability in Trend Micro Apex One and Worry-Free Business Security allows a local attacker with low-privileged code execution to escalate privileges on affected syste...

This vulnerability allows a local attacker with low-privileged code execution to escalate privileges on Trend Micro Apex One installations. It affects both on-premise Apex One and cloud-based Apex One...

This vulnerability allows a local attacker with low-privileged code execution on affected Trend Micro security products to escalate privileges to higher system levels. It affects Trend Micro Apex One,...

This vulnerability allows a local attacker with low-privileged code execution on affected Trend Micro security products to escalate privileges to higher system levels. It affects Trend Micro Apex One,...

This vulnerability allows a local attacker with low-privileged code execution on affected Trend Micro security products to escalate privileges via the Web Console. It affects Trend Micro Apex One, Ape...

This vulnerability allows local privilege escalation in Trend Micro security products. An attacker with low-privileged code execution can modify scripts before they run to gain higher privileges. Affe...

This vulnerability allows authenticated attackers to upload arbitrary files to Trend Micro security products due to improper input validation. Attackers must first obtain management console credential...

This vulnerability allows a local attacker with low-privileged access to escalate privileges and delete files with system-level permissions on Trend Micro security products. It affects Trend Micro Ape...

This vulnerability allows a local attacker with low-privileged access to escalate privileges on Trend Micro Apex One and OfficeScan XG SP1 installations. It affects Trend Micro Apex One, Apex One as a...

This CVE describes an out-of-bounds write vulnerability in Trend Micro security products that allows a local attacker with low-privileged code execution to escalate privileges on affected systems. The...

A link following vulnerability in Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine allows a local attacker with low-privileged code execution to cause denial-of-service conditions ...