ID CVE-2022-40139
Summary Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:trendmicro:apex_one:-:*:*:*:*:saas:*:*
  • cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector, Complexity, Authentication
Impact
Confidentiality, Integrity, Availability
Last major update 08-08-2023 - 14:22
Published 19-09-2022 - 18:15
Last modified 08-08-2023 - 14:22