Refine your search
25 vulnerabilities found for Apex One by Trend Micro
CERTFR-2025-AVI-0658
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les vulnérabilités CVE-2025-54948 et CVE-2025-54987 sont activement exploitées.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One (on-prem) sans le correctif FixTool_Aug2025 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One (on-prem) sans le correctif FixTool_Aug2025",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les vuln\u00e9rabilit\u00e9s CVE-2025-54948 et CVE-2025-54987 sont activement exploit\u00e9es.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-54948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54948"
},
{
"name": "CVE-2025-54987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54987"
}
],
"initial_release_date": "2025-08-06T00:00:00",
"last_revision_date": "2025-08-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex One. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": "2025-08-05",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0020652",
"url": "https://success.trendmicro.com/en-US/solution/KA-0020652"
}
]
}
CERTFR-2025-AVI-0544
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Worry-Free Business Security | Worry-Free Business Security Services versions antérieures à 6.7.3954 et 14.3.1299 | ||
| Trend Micro | Apex One | Security agent pour Apex One as a Service versions antérieures à 14.0.14492 | ||
| Trend Micro | Apex Central | Apex Central versions antérieures à CP B7007 | ||
| Trend Micro | Apex Central | Apex Central as a Service sans le correctif de sécurité d'Avril 2025 | ||
| Trend Micro | Apex One | Apex One versions antérieures à SP1 CP Build 14002 | ||
| Trend Micro | Trend Micro Endpoint Encryption | Trend Micro Endpoint Encryption PolicyServer sans correctif de sécurité Patch 1 Update 6 (Version 6.0.0.4013) | ||
| Trend Micro | Worry-Free Business Security | Worry-Free Business Security versions antérieures à 10 SP1 Patch 2514 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security Services versions ant\u00e9rieures \u00e0 6.7.3954 et 14.3.1299",
"product": {
"name": "Worry-Free Business Security",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Security agent pour Apex One as a Service versions ant\u00e9rieures \u00e0 14.0.14492",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central versions ant\u00e9rieures \u00e0 CP B7007",
"product": {
"name": "Apex Central",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central as a Service sans le correctif de s\u00e9curit\u00e9 d\u0027Avril 2025",
"product": {
"name": "Apex Central",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions ant\u00e9rieures \u00e0 SP1 CP Build 14002",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro Endpoint Encryption PolicyServer sans correctif de s\u00e9curit\u00e9 Patch 1 Update 6 (Version 6.0.0.4013)",
"product": {
"name": "Trend Micro Endpoint Encryption",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security versions ant\u00e9rieures \u00e0 10 SP1 Patch 2514",
"product": {
"name": "Worry-Free Business Security",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49220"
},
{
"name": "CVE-2025-49219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49219"
},
{
"name": "CVE-2025-49156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49156"
},
{
"name": "CVE-2025-49155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49155"
},
{
"name": "CVE-2025-49215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49215"
},
{
"name": "CVE-2025-49214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49214"
},
{
"name": "CVE-2025-49212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49212"
},
{
"name": "CVE-2025-49157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49157"
},
{
"name": "CVE-2025-49487",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49487"
},
{
"name": "CVE-2025-49216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49216"
},
{
"name": "CVE-2025-49217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49217"
},
{
"name": "CVE-2025-49213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49213"
},
{
"name": "CVE-2025-49158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49158"
},
{
"name": "CVE-2025-49211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49211"
},
{
"name": "CVE-2025-49154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49154"
},
{
"name": "CVE-2025-49218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49218"
}
],
"initial_release_date": "2025-06-27T00:00:00",
"last_revision_date": "2025-06-27T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0544",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": "2025-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019936",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019926",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019928",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
},
{
"published_at": "2025-06-09",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019917",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
}
]
}
CERTFR-2024-AVI-1086
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One as a Service sans la mise à jour de décembre 2024 | ||
| Trend Micro | Apex One | Apex One versions antérieures à SP1 build 13140 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One as a Service sans la mise \u00e0 jour de d\u00e9cembre 2024",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions ant\u00e9rieures \u00e0 SP1 build 13140",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-52049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52049"
},
{
"name": "CVE-2024-55631",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55631"
},
{
"name": "CVE-2024-52048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52048"
},
{
"name": "CVE-2024-52050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52050"
},
{
"name": "CVE-2024-55917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55917"
},
{
"name": "CVE-2024-55632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55632"
}
],
"initial_release_date": "2024-12-17T00:00:00",
"last_revision_date": "2024-12-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1086",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex One. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0018217",
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
}
]
}
CERTFR-2024-AVI-0455
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Deep Security Agent | Deep Security Agent versions 20.0.x antérieures à 20.0.1-9400 pour Windows | ||
| Trend Micro | IWSVA | IWSVA versions 6.5 antérieures à 6.5 SP3 Patch 2 (b3367) | ||
| Trend Micro | Apex One | Apex One versions 2019 antérieures à SP1 CP b12980 | ||
| Trend Micro | Apex One | Apex One as a Service sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Deep Security Agent versions 20.0.x ant\u00e9rieures \u00e0 20.0.1-9400 pour Windows ",
"product": {
"name": "Deep Security Agent",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "IWSVA versions 6.5 ant\u00e9rieures \u00e0 6.5 SP3 Patch 2 (b3367)",
"product": {
"name": "IWSVA",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions 2019 ant\u00e9rieures \u00e0 SP1 CP b12980",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36304"
},
{
"name": "CVE-2024-36359",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36359"
},
{
"name": "CVE-2024-36307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36307"
},
{
"name": "CVE-2024-36306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36306"
},
{
"name": "CVE-2024-36302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36302"
},
{
"name": "CVE-2024-36358",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36358"
},
{
"name": "CVE-2024-36305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36305"
},
{
"name": "CVE-2024-36303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36303"
}
],
"initial_release_date": "2024-05-31T00:00:00",
"last_revision_date": "2024-05-31T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0455",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": "2024-05-30",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000298151",
"url": "https://success.trendmicro.com/dcx/s/solution/000298151?language=en_US"
},
{
"published_at": "2024-05-30",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000298065",
"url": "https://success.trendmicro.com/dcx/s/solution/000298065?language=en_US"
},
{
"published_at": "2024-05-30",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000298063",
"url": "https://success.trendmicro.com/dcx/s/solution/000298063?language=en_US"
}
]
}
CERTFR-2024-AVI-0016
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | N/A | Apex Central 2019 sans le correctif de sécurité Patch 8 (b6658) | ||
| Trend Micro | Apex One | Apex One as a Service sans le dernier correctif de sécurité | ||
| Trend Micro | Apex One | Apex One 2019 sans le correctif de sécurité SP1 CP b12534 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex Central 2019 sans le correctif de s\u00e9curit\u00e9 Patch 8 (b6658)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One 2019 sans le correctif de s\u00e9curit\u00e9 SP1 CP b12534",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-52094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52094"
},
{
"name": "CVE-2023-52090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52090"
},
{
"name": "CVE-2023-52091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52091"
},
{
"name": "CVE-2023-52093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52093"
},
{
"name": "CVE-2023-52324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52324"
},
{
"name": "CVE-2023-52092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52092"
},
{
"name": "CVE-2023-52326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52326"
},
{
"name": "CVE-2023-52325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52325"
},
{
"name": "CVE-2023-52328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52328"
}
],
"initial_release_date": "2024-01-10T00:00:00",
"last_revision_date": "2024-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0016",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000296153 du 09 janvier 2024",
"url": "https://success.trendmicro.com/dcx/s/solution/000296153"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000296151 du 09 janvier 2024",
"url": "https://success.trendmicro.com/dcx/s/solution/000296151"
}
]
}
CERTFR-2023-AVI-0918
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | TrendMicro Apex One as a Service toutes versions sans le correctif de sécurité mensuel de septembre 2023 | ||
| Trend Micro | Apex One | TrendMicro Apex One (On-prem) versions 2019 sans le correctif de sécurité SP1 CP 12526 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "TrendMicro Apex One as a Service toutes versions sans le correctif de s\u00e9curit\u00e9 mensuel de septembre 2023",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "TrendMicro Apex One (On-prem) versions 2019 sans le correctif de s\u00e9curit\u00e9 SP1 CP 12526",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47195"
},
{
"name": "CVE-2023-47194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47194"
},
{
"name": "CVE-2023-47199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47199"
},
{
"name": "CVE-2023-47198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47198"
},
{
"name": "CVE-2023-47200",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47200"
},
{
"name": "CVE-2023-47201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47201"
},
{
"name": "CVE-2023-47202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47202"
},
{
"name": "CVE-2023-47192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47192"
},
{
"name": "CVE-2023-47197",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47197"
},
{
"name": "CVE-2023-47193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47193"
},
{
"name": "CVE-2023-47196",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47196"
}
],
"initial_release_date": "2023-11-07T00:00:00",
"last_revision_date": "2023-11-07T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro\u00a0000295652 du 06 novembre 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000295652"
}
],
"reference": "CERTFR-2023-AVI-0918",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-07T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u003cspan\nclass=\"textit\"\u003e\u00a0TrendMicro Apex One\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000295652 du 06 novembre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0764
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits TrendMicro. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | TrendMicro Worry-Free Business Security en mode SaaS (WFBSS) sans le correctif mensuel de maintenance du 31 juillet 2023 | ||
| Trend Micro | Apex One | TrendMicro Apex One versions 2019 (On-prem) sans le correctif de sécurité SP1 Patch 1 (B12380) | ||
| Trend Micro | Apex One | TrendMicro Apex One en mode SaaS sans le correctif mensuel de sécurité du mois de juillet 2023 (202307) | ||
| ESET | Security | TrendMicro Worry-Free Business Security (WFBS) version 10.0 SP1 sans le correctif de sécurité SP1 Patch 2495 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "TrendMicro Worry-Free Business Security en mode SaaS (WFBSS) sans le correctif mensuel de maintenance du 31 juillet 2023",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "TrendMicro Apex One versions 2019 (On-prem) sans le correctif de s\u00e9curit\u00e9 SP1 Patch 1 (B12380)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "TrendMicro Apex One en mode SaaS sans le correctif mensuel de s\u00e9curit\u00e9 du mois de juillet 2023 (202307)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "TrendMicro Worry-Free Business Security (WFBS) version 10.0 SP1 sans le correctif de s\u00e9curit\u00e9 SP1 Patch 2495",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-41179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41179"
}
],
"initial_release_date": "2023-09-20T00:00:00",
"last_revision_date": "2023-09-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro\u00a0000294994 du 19 septembre 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US"
}
],
"reference": "CERTFR-2023-AVI-0764",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits TrendMicro\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits TrendMicro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000294994 du 19 septembre 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0439
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One as a Service sans le correctif Hotfix Build 202305 (Agent 14.0.12518) | ||
| Trend Micro | Apex One | Apex One versions 2019 (On-prem) sans le correctif de sécurité SP1 CP B12033 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One as a Service sans le correctif Hotfix Build 202305 (Agent 14.0.12518)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions 2019 (On-prem) sans le correctif de s\u00e9curit\u00e9 SP1 CP B12033",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34145"
},
{
"name": "CVE-2023-34146",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34146"
},
{
"name": "CVE-2023-34148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34148"
},
{
"name": "CVE-2023-34147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34147"
},
{
"name": "CVE-2023-34144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34144"
}
],
"initial_release_date": "2023-06-07T00:00:00",
"last_revision_date": "2023-06-07T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro\u00a0000293322 du 06 juin 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US"
}
],
"reference": "CERTFR-2023-AVI-0439",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex\nOne. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293322 du 06 juin 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0387
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One et Apex Central. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One version 2019 sans le correctif de sécurité SP1 Critical Patch B120 | ||
| Trend Micro | Apex One | Apex Central version 2019 sans le correctif de sécurité Patch 4 (B6394) | ||
| Trend Micro | Apex One | Apex One as a Service versions antérieures à la maintenance d'avril 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One version 2019 sans le correctif de s\u00e9curit\u00e9 SP1 Critical Patch B120",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version 2019 sans le correctif de s\u00e9curit\u00e9 Patch 4 (B6394)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service versions ant\u00e9rieures \u00e0 la maintenance d\u0027avril 2023",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32537"
},
{
"name": "CVE-2023-32553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32553"
},
{
"name": "CVE-2023-32557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32557"
},
{
"name": "CVE-2023-32535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32535"
},
{
"name": "CVE-2023-32536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32536"
},
{
"name": "CVE-2023-32554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32554"
},
{
"name": "CVE-2023-32556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32556"
},
{
"name": "CVE-2023-30902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30902"
},
{
"name": "CVE-2023-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32529"
},
{
"name": "CVE-2023-32555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32555"
},
{
"name": "CVE-2023-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32605"
},
{
"name": "CVE-2023-32552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32552"
},
{
"name": "CVE-2023-32531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32531"
},
{
"name": "CVE-2023-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32530"
},
{
"name": "CVE-2023-32604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32604"
}
],
"initial_release_date": "2023-05-17T00:00:00",
"last_revision_date": "2023-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex One\net Apex Central. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One et Apex Central",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293107 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293108 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
CERTFR-2023-AVI-0106
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans TrendMicro. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One 2019 sans le correctif de sécurité SP1 b11564 | ||
| ESET | Security | Worry-Free Business Security 10.0 SP1 sans le correctif de sécurité Patch 2454 | ||
| N/A | N/A | Apex One as a Service sans le correctif de sécurité Build 202301 Security Agent version: 14.0.11960 | ||
| ESET | Security | Worry-Free Business Security Services sans le correctif de sécurité (6.7.3064 / 14.2.3044) |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One 2019 sans le correctif de s\u00e9curit\u00e9 SP1 b11564",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security 10.0 SP1 sans le correctif de s\u00e9curit\u00e9 Patch 2454",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans le correctif de s\u00e9curit\u00e9 Build 202301 Security Agent version: 14.0.11960",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security Services sans le correctif de s\u00e9curit\u00e9 (6.7.3064 / 14.2.3044)",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25143",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25143"
},
{
"name": "CVE-2022-44649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44649"
},
{
"name": "CVE-2023-25146",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25146"
},
{
"name": "CVE-2023-25144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25144"
},
{
"name": "CVE-2023-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0587"
},
{
"name": "CVE-2022-44650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44650"
},
{
"name": "CVE-2022-45798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45798"
},
{
"name": "CVE-2023-25148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25148"
},
{
"name": "CVE-2023-25145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25145"
},
{
"name": "CVE-2023-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25147"
}
],
"initial_release_date": "2023-02-09T00:00:00",
"last_revision_date": "2023-02-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000292209 du 09 f\u00e9vrier 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000292209?language=en_US"
}
],
"reference": "CERTFR-2023-AVI-0106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTrendMicro\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un contournement de la politique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits TrendMicro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000292209 du 08 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000292202 du 08 f\u00e9vrier 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000292202?language=en_US"
}
]
}
CERTFR-2023-AVI-0082
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Trend Micro Apex One. Elle permet à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One versions 2019 Server Build 11110 sans le correctif de sécurité Service Pack SP1 b11564 | ||
| Trend Micro | Apex One | Apex One as a Service versions antérieures à January 2023 Maintenance Hotfix - Build 202301 Security Agent 14.0.11960 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One versions 2019 Server Build 11110 sans le correctif de s\u00e9curit\u00e9 Service Pack SP1 b11564",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service versions ant\u00e9rieures \u00e0 January 2023 Maintenance Hotfix - Build 202301 Security Agent 14.0.11960",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0587"
}
],
"initial_release_date": "2023-02-02T00:00:00",
"last_revision_date": "2023-02-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0082",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Trend Micro Apex One. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000292183 du 01 f\u00e9vrier 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000292183"
}
]
}
CERTFR-2022-AVI-1072
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One as a Service sans le correctif Hotfix Build 202211 (Agent 14.0.11840) | ||
| Trend Micro | Apex One | Apex One versions 2019 (On-prem) sans le correctif SP1 CP b11136 (Agent 11136) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One as a Service sans le correctif Hotfix Build 202211 (Agent 14.0.11840)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions 2019 (On-prem) sans le correctif SP1 CP b11136 (Agent 11136)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-45797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45797"
},
{
"name": "CVE-2022-45798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45798"
}
],
"initial_release_date": "2022-12-02T00:00:00",
"last_revision_date": "2022-12-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex\nOne. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000291830 du 01 d\u00e9cembre 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291830"
}
]
}
CERTFR-2022-AVI-1021
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One as a Service versions sans le correctif de sécurité de otctobre 2022 (version de l'agent de sécurité : 14.0.11789) | ||
| Trend Micro | Apex One | Apex One versions 2019 (On-prem) sans le correctif de sécurité SP1 b11128 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One as a Service versions sans le correctif de s\u00e9curit\u00e9 de otctobre 2022 (version de l\u0027agent de s\u00e9curit\u00e9 : 14.0.11789)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One versions 2019 (On-prem) sans le correctif de s\u00e9curit\u00e9 SP1 b11128",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-44649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44649"
},
{
"name": "CVE-2022-44654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44654"
},
{
"name": "CVE-2022-44652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44652"
},
{
"name": "CVE-2022-44651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44651"
},
{
"name": "CVE-2022-44647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44647"
},
{
"name": "CVE-2022-44653",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44653"
},
{
"name": "CVE-2022-44648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44648"
},
{
"name": "CVE-2022-44650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44650"
}
],
"initial_release_date": "2022-11-10T00:00:00",
"last_revision_date": "2022-11-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1021",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex\nOne. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro du 09 novembre 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291770"
}
]
}
CERTFR-2022-AVI-884
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One (on-prem) versions antérieures à CP 11110/11102 | ||
| Trend Micro | Apex One | Apex One (SaaS) sans la mise à jour mensuelle de septembre 2022 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One (on-prem) versions ant\u00e9rieures \u00e0 CP 11110/11102",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One (SaaS) sans la mise \u00e0 jour mensuelle de septembre 2022",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41747"
},
{
"name": "CVE-2022-41745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41745"
},
{
"name": "CVE-2022-41748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41748"
},
{
"name": "CVE-2022-41744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41744"
},
{
"name": "CVE-2022-41749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41749"
},
{
"name": "CVE-2022-41746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41746"
}
],
"initial_release_date": "2022-10-06T00:00:00",
"last_revision_date": "2022-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-884",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex\nOne. Elles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000291645 du 05 octobre 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291645?"
}
]
}
CERTFR-2022-AVI-817
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One Apex One versions antérieures à SP1 (b11092/11088) | ||
| Trend Micro | Apex One | Apex One SaaS sans la mise à jour mensuelle d'août 2022 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One Apex One versions ant\u00e9rieures \u00e0 SP1 (b11092/11088)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One SaaS sans la mise \u00e0 jour mensuelle d\u0027ao\u00fbt 2022",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
"cves": [
{
"name": "CVE-2022-40139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40139"
},
{
"name": "CVE-2022-40142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40142"
},
{
"name": "CVE-2022-40141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40141"
},
{
"name": "CVE-2022-40140",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40140"
},
{
"name": "CVE-2022-40144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40144"
},
{
"name": "CVE-2022-40143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40143"
}
],
"initial_release_date": "2022-09-14T00:00:00",
"last_revision_date": "2022-09-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-817",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex\nOne. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000291528 du 13 septembre 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291528"
}
]
}
CERTFR-2022-AVI-677
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Trend Micro Apex One et Worry-Free Business Security. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Worry-Free Business Security 10.0 SP1 sans le correctif de sécurité Spyware Pattern 25.27 | ||
| Trend Micro | Apex One | Apex One version 2019 sans le correctif de sécurité Spyware Pattern 25.27 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security 10.0 SP1 sans le correctif de s\u00e9curit\u00e9 Spyware Pattern 25.27",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One version 2019 sans le correctif de s\u00e9curit\u00e9 Spyware Pattern 25.27",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-36336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36336"
}
],
"initial_release_date": "2022-07-26T00:00:00",
"last_revision_date": "2022-11-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-677",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-26T00:00:00.000000"
},
{
"description": "Correction d\u0027une erreur dans la r\u00e9f\u00e9rence CVE, il s\u0027agit de CVE-2022-36336 et non CVE-2022-36366.",
"revision_date": "2022-11-28T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Trend Micro Apex One et\nWorry-Free Business Security. Elle permet \u00e0 un attaquant de provoquer\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Trend Micro Apex One et Worry-Free Business Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro CVE-2022-36336 du 25 juillet 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291267?language=en_US"
}
]
}
CERTFR-2022-AVI-475
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One 2019 (On-premise) sans le correctif 10101 | ||
| Trend Micro | Apex One | Apex One as a Service sans la mise à jour de mars 2022 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One 2019 (On-premise) sans le correctif 10101",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans la mise \u00e0 jour de mars 2022",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30700"
},
{
"name": "CVE-2022-30701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30701"
}
],
"initial_release_date": "2022-05-19T00:00:00",
"last_revision_date": "2022-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-475",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex\nOne. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000291008 du 18 mai 2022",
"url": "https://success.trendmicro.com/dcx/s/solution/000291008"
}
]
}
CERTFR-2021-AVI-986
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One et Worry-Free Business Security. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Worry-Free Business Security (WFBS) 10.0 SP1 versions antérieures à Patch 2368 | ||
| Trend Micro | Apex One | Apex One 2019 versions antérieures à Patch 6 B10048 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security (WFBS) 10.0 SP1 versions ant\u00e9rieures \u00e0 Patch 2368",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One 2019 versions ant\u00e9rieures \u00e0 Patch 6 B10048",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45231"
},
{
"name": "CVE-2021-45442",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45442"
},
{
"name": "CVE-2021-45440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45440"
},
{
"name": "CVE-2021-45441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45441"
},
{
"name": "CVE-2021-44024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44024"
}
],
"initial_release_date": "2021-12-30T00:00:00",
"last_revision_date": "2021-12-30T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-986",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Trend Micro Apex\nOne et Worry-Free Business Security. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Trend Micro Apex One et Worry-Free Business Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000289996 du 29 d\u00e9cembre 2021",
"url": "https://success.trendmicro.com/solution/000289996"
}
]
}
CERTFR-2021-AVI-790
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits TrendMicro. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One SaaS sans la mise à jour mensuelle de septembre 2021 | ||
| ESET | Security | Worry-Free Business Security (WFBS) version 10.0SP1 sans le correctif 2342 | ||
| Trend Micro | Apex One | Apex One 2019 (On-prem) versions antérieures à CP 9645 | ||
| ESET | Security | Worry-Free Business Security Services (WFBSS) versions antérieures à 6.7.1648 ou 14.2.1349 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One SaaS sans la mise \u00e0 jour mensuelle de septembre 2021",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security (WFBS) version 10.0SP1 sans le correctif 2342",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Apex One 2019 (On-prem) versions ant\u00e9rieures \u00e0 CP 9645",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security Services (WFBSS) versions ant\u00e9rieures \u00e0 6.7.1648 ou 14.2.1349",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42012"
},
{
"name": "CVE-2021-23139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23139"
},
{
"name": "CVE-2021-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42011"
},
{
"name": "CVE-2021-42108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42108"
},
{
"name": "CVE-2021-42104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42104"
},
{
"name": "CVE-2021-42101",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42101"
},
{
"name": "CVE-2021-42103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42103"
}
],
"initial_release_date": "2021-10-15T00:00:00",
"last_revision_date": "2021-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-790",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nTrendMicro. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits TrendMicro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000289229 du 14 octobre 2021",
"url": "https://success.trendmicro.com/solution/000289229"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000289230 du 14 octobre 2021",
"url": "https://success.trendmicro.com/solution/000289230"
}
]
}
CERTFR-2021-AVI-750
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Trend Micro. Elle permet à un attaquant de provoquer un déni de service et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One 2019 versions antérieures à CP 9645 | ||
| Trend Micro | N/A | Worry-Free Business Security versions antérieures à 10.0 SP1 Patch 2342 | ||
| Trend Micro | N/A | Worry-Free Business Security Services sans la mise à jour de septembre 2021 | ||
| Trend Micro | Apex One | Apex One SaaS sans la mise à jour de septembre 2021 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One 2019 versions ant\u00e9rieures \u00e0 CP 9645",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security versions ant\u00e9rieures \u00e0 10.0 SP1 Patch 2342",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security Services sans la mise \u00e0 jour de septembre 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One SaaS sans la mise \u00e0 jour de septembre 2021",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3848"
}
],
"initial_release_date": "2021-10-05T00:00:00",
"last_revision_date": "2021-10-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-750",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Trend Micro. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000289183 du 04 octobre 2021",
"url": "https://success.trendmicro.com/solution/000289183"
}
]
}
CERTFR-2021-AVI-513
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits TrendMicro. Elle permet à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ESET | Security | Worry-Free Business Security version 10.0 SP1 sans le correctif 2329 | ||
| Trend Micro | Apex One | Apex One version 2019 (on-premise) sans le correctif 5 b9565 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security version 10.0 SP1 sans le correctif 2329",
"product": {
"name": "Security",
"vendor": {
"name": "ESET",
"scada": false
}
}
},
{
"description": "Apex One version 2019 (on-premise) sans le correctif 5 b9565",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-32463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32463"
}
],
"initial_release_date": "2021-07-12T00:00:00",
"last_revision_date": "2021-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-513",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits TrendMicro. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits TrendMicro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000286856 du 09 juillet 2021",
"url": "https://success.trendmicro.com/solution/000286856"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000286855 du 09 juillet 2021",
"url": "https://success.trendmicro.com/solution/000286855"
}
]
}
CERTFR-2021-AVI-231
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | N/A | OfficeScan version XG SP1 sans le dernier correctif CP 6046 (le support de ce produit s'est arrêté au 31 mars 2021) | ||
| Trend Micro | Apex One | Apex One sans le dernier correctif CP 9204 | ||
| Trend Micro | Apex One | Apex One (SaaS) sans le dernier correctif (202103) |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OfficeScan version XG SP1 sans le dernier correctif CP 6046 (le support de ce produit s\u0027est arr\u00eat\u00e9 au 31 mars 2021)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One sans le dernier correctif CP 9204",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One (SaaS) sans le dernier correctif (202103)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-28646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28646"
},
{
"name": "CVE-2021-25250",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25250"
},
{
"name": "CVE-2021-28645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28645"
},
{
"name": "CVE-2021-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25253"
}
],
"initial_release_date": "2021-04-01T00:00:00",
"last_revision_date": "2021-04-01T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000286157 du 31 mars 2021",
"url": "https://success.trendmicro.com/solution/000286157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000286019 du 31 mars 2021",
"url": "https://success.trendmicro.com/solution/000286019"
}
]
}
CERTFR-2021-AVI-159
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Trend Micro. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | N/A | Worry-Free Business Security version antérieures à 10.1 SP1 Patch 2274 (pour Windows) | ||
| Trend Micro | N/A | InterScan Messaging Security Virtual Appliance version antérieures à 9.1 CP2034 | ||
| Trend Micro | N/A | ServerProtect for EMC Celerra version antérieures à 5.8 CP1573 EMC Celerra | ||
| Trend Micro | N/A | OfficeScan version antérieures à XG SP1 CP6040 (pour Windows) | ||
| Trend Micro | N/A | ServerProtect for Windows/Netware version antérieures à 5.8 CP1571 | ||
| Trend Micro | N/A | Control Manager version antérieures à 7.0 CP 3215 (pour Windows) | ||
| Trend Micro | N/A | ScanMail for IBM Domino version antérieures à 5.8 CP1083 (pour Windows et Linux) | ||
| Trend Micro | N/A | InterScan Web Security Virtual Appliance version antérieures à 6.5 CP1926 | ||
| Trend Micro | N/A | Deep Discovery Analyzer version antérieures à 5.1+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | ServerProtect for Network Appliance Filers version antérieures à 5.8 CP1295 NetApp | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 20.0 LTS (correctif du 18 janvier 2021) | ||
| Trend Micro | Deep Discovery Inspector | Deep Discovery Inspector version antérieures à 3.8+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | ServerProtect for Storage version antérieures à 6.0 CP1274 (pour Windows) | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 12.0 U15 | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 11.0 U25 | ||
| Trend Micro | N/A | Safe Lock TXOne Edition version antérieures à 1.1 CP1042 (pour Windows) | ||
| Trend Micro | N/A | PortalProtect version antérieures à 2.6 CP1045 (pour Windows) | ||
| Trend Micro | N/A | Deep Discovery Email Inspector version antérieures à 2.5+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | Cloud Edge version antérieures à 5.0+ correctif via ActiveUpdate | ||
| Trend Micro | N/A | Deep Security version antérieures à DS 10.0 U29 | ||
| Trend Micro | Apex One | Apex One version antérieures à 2019 CP9167 (On Premise) SaaS (B2101) (pour Windows et macOS) | ||
| Trend Micro | N/A | ScanMail for Exchange version antérieures à 14.0 CP3083 (pour Windows) | ||
| Trend Micro | N/A | ServerProtect for Linux version antérieures à 3.0 CP1649 | ||
| Trend Micro | N/A | Apex Central version antérieures à 2019 CP5534 SaaS (pour Windows) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Worry-Free Business Security version ant\u00e9rieures \u00e0 10.1 SP1 Patch 2274 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "InterScan Messaging Security Virtual Appliance version ant\u00e9rieures \u00e0 9.1 CP2034",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for EMC Celerra version ant\u00e9rieures \u00e0 5.8 CP1573 EMC Celerra",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "OfficeScan version ant\u00e9rieures \u00e0 XG SP1 CP6040 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Windows/Netware version ant\u00e9rieures \u00e0 5.8 CP1571",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Control Manager version ant\u00e9rieures \u00e0 7.0 CP 3215 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ScanMail for IBM Domino version ant\u00e9rieures \u00e0 5.8 CP1083 (pour Windows et Linux)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "InterScan Web Security Virtual Appliance version ant\u00e9rieures \u00e0 6.5 CP1926",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Analyzer version ant\u00e9rieures \u00e0 5.1+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Network Appliance Filers version ant\u00e9rieures \u00e0 5.8 CP1295 NetApp",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 20.0 LTS (correctif du 18 janvier 2021)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Inspector version ant\u00e9rieures \u00e0 3.8+ correctif via ActiveUpdate",
"product": {
"name": "Deep Discovery Inspector",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Storage version ant\u00e9rieures \u00e0 6.0 CP1274 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 12.0 U15",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 11.0 U25",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Safe Lock TXOne Edition version ant\u00e9rieures \u00e0 1.1 CP1042 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "PortalProtect version ant\u00e9rieures \u00e0 2.6 CP1045 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Email Inspector version ant\u00e9rieures \u00e0 2.5+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Cloud Edge version ant\u00e9rieures \u00e0 5.0+ correctif via ActiveUpdate",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Security version ant\u00e9rieures \u00e0 DS 10.0 U29",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One version ant\u00e9rieures \u00e0 2019 CP9167 (On Premise) SaaS (B2101) (pour Windows et macOS)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ScanMail for Exchange version ant\u00e9rieures \u00e0 14.0 CP3083 (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "ServerProtect for Linux version ant\u00e9rieures \u00e0 3.0 CP1649",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version ant\u00e9rieures \u00e0 2019 CP5534 SaaS (pour Windows)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25252"
}
],
"initial_release_date": "2021-03-03T00:00:00",
"last_revision_date": "2021-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-159",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Trend Micro. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000285675 du 02 mars 2021",
"url": "https://success.trendmicro.com/solution/000285675"
}
]
}
CERTFR-2021-AVI-085
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One versions sans le correctif de sécurité CP9167 | ||
| Trend Micro | Apex One | Apex One (SaaS) versions sans le correctif de sécurité mensuel 202101 | ||
| Trend Micro | N/A | OfficeScan versions XG SP1 sans le correctif de sécurité CP6040 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One versions sans le correctif de s\u00e9curit\u00e9 CP9167",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One (SaaS) versions sans le correctif de s\u00e9curit\u00e9 mensuel 202101",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "OfficeScan versions XG SP1 sans le correctif de s\u00e9curit\u00e9 CP6040",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25237",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25237"
},
{
"name": "CVE-2021-25249",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25249"
},
{
"name": "CVE-2021-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25236"
},
{
"name": "CVE-2021-25239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25239"
},
{
"name": "CVE-2021-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25248"
},
{
"name": "CVE-2021-25230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25230"
},
{
"name": "CVE-2021-25228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25228"
},
{
"name": "CVE-2021-25238",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25238"
},
{
"name": "CVE-2021-25233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25233"
},
{
"name": "CVE-2021-25231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25231"
},
{
"name": "CVE-2021-25240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25240"
},
{
"name": "CVE-2021-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25235"
},
{
"name": "CVE-2021-25242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25242"
},
{
"name": "CVE-2021-25234",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25234"
},
{
"name": "CVE-2021-25229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25229"
},
{
"name": "CVE-2021-25232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25232"
},
{
"name": "CVE-2021-25241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25241"
},
{
"name": "CVE-2021-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25243"
},
{
"name": "CVE-2021-25246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25246"
}
],
"initial_release_date": "2021-02-05T00:00:00",
"last_revision_date": "2021-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284205 du 04 f\u00e9vrier 2021",
"url": "https://success.trendmicro.com/solution/000284205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284202 du 04 f\u00e9vrier 2021",
"url": "https://success.trendmicro.com/solution/000284202"
}
]
}
CERTFR-2021-AVI-067
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One sans le dernier correctif CP9167 | ||
| Trend Micro | Apex One | Apex One as a Service sans le dernier correctif mensuel (202101) | ||
| Trend Micro | N/A | OfficeScan XG SP1 sans le dernier correctif CP6040 | ||
| Trend Micro | N/A | Worry-Free Business Security Services (WFBSS) sans le dernier correctif mensuel (6.7.1500) | ||
| Trend Micro | N/A | Worry-Free Business Security (WFBS) 10 SP1 sans le dernier correctif 2274 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One sans le dernier correctif CP9167",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service sans le dernier correctif mensuel (202101)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "OfficeScan XG SP1 sans le dernier correctif CP6040",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security Services (WFBSS) sans le dernier correctif mensuel (6.7.1500)",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Worry-Free Business Security (WFBS) 10 SP1 sans le dernier correctif 2274",
"product": {
"name": "N/A",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25237",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25237"
},
{
"name": "CVE-2021-25249",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25249"
},
{
"name": "CVE-2021-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25236"
},
{
"name": "CVE-2021-25239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25239"
},
{
"name": "CVE-2021-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25248"
},
{
"name": "CVE-2021-25230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25230"
},
{
"name": "CVE-2021-25228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25228"
},
{
"name": "CVE-2021-25238",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25238"
},
{
"name": "CVE-2021-25233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25233"
},
{
"name": "CVE-2021-25231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25231"
},
{
"name": "CVE-2021-25240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25240"
},
{
"name": "CVE-2021-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25235"
},
{
"name": "CVE-2021-25242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25242"
},
{
"name": "CVE-2021-25244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25244"
},
{
"name": "CVE-2021-25234",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25234"
},
{
"name": "CVE-2021-25229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25229"
},
{
"name": "CVE-2021-25232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25232"
},
{
"name": "CVE-2021-25241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25241"
},
{
"name": "CVE-2021-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25243"
},
{
"name": "CVE-2021-25245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25245"
},
{
"name": "CVE-2021-25246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25246"
}
],
"initial_release_date": "2021-01-29T00:00:00",
"last_revision_date": "2021-01-29T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-067",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend\nMicro. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284206 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284202 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284202"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro 000284205 du 28 janvier 2021",
"url": "https://success.trendmicro.com/solution/000284205"
}
]
}