Skip to main content

Apex One

140 CVEs product

Monthly

CVE-2021-32463 HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28646 MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28645 HIGH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25253 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-25250 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-25249 HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro Information Disclosure Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25248 MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure Apex One Officescan +1
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-25246 MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-25243 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25242 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25241 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Apex One Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25240 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25239 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25237 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-25235 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25234 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25233 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25232 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2021-25231 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25230 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25229 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25228 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-28583 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28582 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28577 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28576 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28573 MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2020-28572 HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25774 MEDIUM This Month

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-25773 HIGH This Week

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2020-25772 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-25771 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-25770 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24565 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24564 MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-24563 HIGH This Week

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Authentication Bypass Apex One
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-24559 HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple Apex One Officescan +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24558 HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-24557 HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24556 HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-8607 MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit Apex One Deep Security +9
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-8599 CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Apex One Officescan
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2020-8598 CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass Apex One Officescan +1
NVD
CVSS 3.1
9.8
EPSS
13.2%
CVE-2020-8470 HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-8467 HIGH KEV PATCH THREAT This Week

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One Officescan
NVD
CVSS 3.1
8.8
EPSS
10.8%
CVE-2019-19692 MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-19691 MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2019-18189 CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-18188 HIGH This Week

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection Apex One
NVD
CVSS 3.1
7.5
EPSS
4.7%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple +4
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 3% CVSS 7.8
HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +4
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Trend Micro Antivirus Toolkit +11
NVD
EPSS 12% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Authentication Bypass Apex One +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 11% CVSS 8.8
HIGH KEV PATCH THREAT This Week

A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Trend Micro Apex One +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Apex One
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Command Injection +1
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy