Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro — Apex One and Apex One as a Service
- Added to KEV catalog
- 15 September 2022
- Federal remediation due date
- 6 October 2022
- Weakness classification (CWE)
- CWE-353, CWE-641
CISA Description
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139
More Trend Micro Vulnerabilities
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex Central Arbitrary File Upload Vulnerability
Trend Micro OfficeScan Directory Traversal Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services