TrendMicro Apex One
By the Year
In 2023 there has been 1 vulnerability in TrendMicro Apex One, with an average score of 9.1 out of ten. Last year Apex One had 5 security vulnerabilities published. Right now, Apex One is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 1.12.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 1 | 9.10 |
2022 | 5 | 7.98 |
2021 | 10 | 7.04 |
2020 | 10 | 7.12 |
2019 | 1 | 9.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Apex One vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent TrendMicro Apex One Security Vulnerabilities
A file upload vulnerability exists in Trend Micro Apex One server build 11110
CVE-2023-0587
9.1 - Critical
- February 01, 2023
A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.
Unrestricted File Upload
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could
CVE-2022-44651
7 - High
- December 12, 2022
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
TOCTTOU
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could
CVE-2022-44652
7.8 - High
- December 12, 2022
An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper Handling of Exceptional Conditions
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could
CVE-2022-44653
7.8 - High
- December 12, 2022
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Directory traversal
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component
CVE-2022-44654
7.5 - High
- December 12, 2022
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.
An arbitrary file upload vulnerability in Trend Micro Apex Central could
CVE-2022-26871
9.8 - Critical
- March 29, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Unrestricted File Upload
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could
CVE-2021-42012
7.8 - High
- October 21, 2021
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Memory Corruption
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could
CVE-2021-32464
7.8 - High
- August 04, 2021
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Incorrect Default Permissions
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could
CVE-2021-32465
8.8 - High
- August 04, 2021
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper Preservation of Permissions
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could
CVE-2021-28646
5.5 - Medium
- April 13, 2021
An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
Incorrect Permission Assignment for Critical Resource
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could
CVE-2021-28645
7.8 - High
- April 13, 2021
An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Incorrect Permission Assignment for Critical Resource
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could
CVE-2021-25253
7.8 - High
- April 13, 2021
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper Privilege Management
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could
CVE-2021-25250
7.8 - High
- April 13, 2021
An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper Privilege Management
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server
CVE-2021-25246
6.5 - Medium
- February 04, 2021
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could then be used to make valid configuration queries.
AuthZ
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could
CVE-2021-25229
5.3 - Medium
- February 04, 2021
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
AuthZ
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could
CVE-2021-25228
5.3 - Medium
- February 04, 2021
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
AuthZ
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could
CVE-2020-28583
5.3 - Medium
- December 01, 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.
Information Disclosure
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could
CVE-2020-28582
5.3 - Medium
- December 01, 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the number of managed agents.
Information Disclosure
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could
CVE-2020-28577
5.3 - Medium
- December 01, 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
Information Disclosure
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could
CVE-2020-28576
5.3 - Medium
- December 01, 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
Information Disclosure
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could
CVE-2020-28573
5.3 - Medium
- December 01, 2020
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.
Information Disclosure
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could
CVE-2020-8467
8.8 - High
- March 18, 2020
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file
CVE-2020-8599
9.8 - Critical
- March 18, 2020
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file
CVE-2020-8598
9.8 - Critical
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Improper Input Validation
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file
CVE-2020-8470
7.5 - High
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
Improper Input Validation
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could
CVE-2020-8468
8.8 - High
- March 18, 2020
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Injection
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may
CVE-2019-18189
9.8 - Critical
- October 28, 2019
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
Directory traversal
