Skip to main content

Worry Free Business Security

49 CVEs product

Monthly

CVE-2025-49154 HIGH PATCH This Week

CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.

Trend Micro Privilege Escalation Information Disclosure Worry Free Business Security Worry Free Business Security Services +1
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2023-41179 HIGH KEV THREAT This Week

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.2
EPSS
4.7%
CVE-2022-36336 HIGH This Week

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24680 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24679 HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24678 HIGH PATCH This Week

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-44021 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44020 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-44019 HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-42108 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42107 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42106 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42105 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42104 HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42012 HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-23139 HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3848 MEDIUM PATCH This Month

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36742 HIGH KEV THREAT This Week

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-36741 HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-32463 HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25252 MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central Apex One Cloud Edge +16
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-25249 HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro Information Disclosure Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25248 MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure Apex One Officescan +1
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-25246 MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-25245 MEDIUM PATCH This Month

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-25244 MEDIUM PATCH This Month

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-25243 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25242 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25241 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Apex One Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25240 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25239 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25238 MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25236 MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-25234 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25233 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-25231 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-25228 MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2020-28574 HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-24559 HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple Apex One Officescan +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24558 HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure Apex One Worry Free Business Security +1
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-24557 HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft Apex One Worry Free Business Security
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-24556 HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation Microsoft Apex One +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-8600 CRITICAL PATCH Act Now

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro Path Traversal Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-8598 CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass Apex One Officescan +1
NVD
CVSS 3.1
9.8
EPSS
13.2%
CVE-2020-8470 HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2019-18189 CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One Officescan Worry Free Business Security
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2018-6218 HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security Endpoint Sensor Officescan +2
NVD
CVSS 3.1
7.0
EPSS
1.6%
CVE-2016-1224 MEDIUM This Month

CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2016-1223 MEDIUM This Month

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Microsoft Officescan Worry Free Business Security +1
NVD
CVSS 3.1
5.3
EPSS
1.7%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

CVE-2025-49154 is an insecure access control vulnerability (CWE-284) in Trend Micro Apex One and Worry-Free Business Security that allows a local attacker with low-privileged code execution to overwrite critical memory-mapped files, potentially compromising system security and stability. With a CVSS score of 8.7 and low attack complexity, this vulnerability poses a significant risk to enterprise security postures, though exploitation requires prior code execution access. No active KEV confirmation or public POC availability is documented in standard vulnerability databases at this time.

Trend Micro Privilege Escalation Information Disclosure +3
NVD
EPSS 5% CVSS 7.2
HIGH KEV THREAT This Week

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Trend Micro +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Worry Free Business Security
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Trend Micro Apex One +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Trend Micro +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Trend Micro +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 1% CVSS 7.8
HIGH KEV THREAT This Week

A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Officescan +3
NVD
EPSS 5% CVSS 8.8
HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Trend Micro Apex One +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Trend Micro Apex Central +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption Trend Micro +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Worry Free Business Security
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Worry Free Business Security
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Officescan +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro SSRF Information Disclosure +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Path Traversal Worry Free Business Security
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apple +4
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Trend Micro Information Disclosure +3
NVD
EPSS 3% CVSS 7.8
HIGH KEV THREAT This Week

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Privilege Escalation Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Privilege Escalation +4
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Trend Micro Path Traversal Worry Free Business Security
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Trend Micro Authentication Bypass +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Apex One +2
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Apex One +2
NVD
EPSS 2% CVSS 7.0
HIGH This Week

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Trend Micro RCE Deep Security +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Worry Free Business Security +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Microsoft +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy