Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Worry-Free Business Security by Trend Micro

CERTFR-2025-AVI-0544

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection SQL (SQLi).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Trend Micro	Worry-Free Business Security	Worry-Free Business Security Services versions antérieures à 6.7.3954 et 14.3.1299
Trend Micro	Apex One	Security agent pour Apex One as a Service versions antérieures à 14.0.14492
Trend Micro	Apex Central	Apex Central versions antérieures à CP B7007
Trend Micro	Apex Central	Apex Central as a Service sans le correctif de sécurité d'Avril 2025
Trend Micro	Apex One	Apex One versions antérieures à SP1 CP Build 14002
Trend Micro	Trend Micro Endpoint Encryption	Trend Micro Endpoint Encryption PolicyServer sans correctif de sécurité Patch 1 Update 6 (Version 6.0.0.4013)
Trend Micro	Worry-Free Business Security	Worry-Free Business Security versions antérieures à 10 SP1 Patch 2514

References

Title

Publication Time

Tags

Bulletin de sécurité Trend Micro KA-0019936	2025-06-09	vendor-advisory
Bulletin de sécurité Trend Micro KA-0019926	2025-06-10	vendor-advisory
Bulletin de sécurité Trend Micro KA-0019928	2025-06-10	vendor-advisory
Bulletin de sécurité Trend Micro KA-0019917	2025-06-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Worry-Free Business Security Services versions ant\u00e9rieures \u00e0 6.7.3954 et 14.3.1299",
      "product": {
        "name": "Worry-Free Business Security",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Security agent pour Apex One as a Service versions ant\u00e9rieures \u00e0 14.0.14492",
      "product": {
        "name": "Apex One",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Apex Central versions ant\u00e9rieures \u00e0 CP B7007",
      "product": {
        "name": "Apex Central",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Apex Central as a Service sans le correctif de s\u00e9curit\u00e9 d\u0027Avril 2025",
      "product": {
        "name": "Apex Central",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Apex One versions ant\u00e9rieures \u00e0 SP1 CP Build 14002",
      "product": {
        "name": "Apex One",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Trend Micro Endpoint Encryption PolicyServer sans correctif de s\u00e9curit\u00e9 Patch 1 Update 6 (Version 6.0.0.4013)",
      "product": {
        "name": "Trend Micro Endpoint Encryption",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Worry-Free Business Security versions ant\u00e9rieures \u00e0 10 SP1 Patch 2514",
      "product": {
        "name": "Worry-Free Business Security",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-49220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49220"
    },
    {
      "name": "CVE-2025-49219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49219"
    },
    {
      "name": "CVE-2025-49156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49156"
    },
    {
      "name": "CVE-2025-49155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49155"
    },
    {
      "name": "CVE-2025-49215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49215"
    },
    {
      "name": "CVE-2025-49214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49214"
    },
    {
      "name": "CVE-2025-49212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49212"
    },
    {
      "name": "CVE-2025-49157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49157"
    },
    {
      "name": "CVE-2025-49487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49487"
    },
    {
      "name": "CVE-2025-49216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49216"
    },
    {
      "name": "CVE-2025-49217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49217"
    },
    {
      "name": "CVE-2025-49213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49213"
    },
    {
      "name": "CVE-2025-49158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49158"
    },
    {
      "name": "CVE-2025-49211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49211"
    },
    {
      "name": "CVE-2025-49154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49154"
    },
    {
      "name": "CVE-2025-49218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49218"
    }
  ],
  "initial_release_date": "2025-06-27T00:00:00",
  "last_revision_date": "2025-06-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0544",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection SQL (SQLi).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": "2025-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019936",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019926",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019926"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019928",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "published_at": "2025-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0019917",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
    }
  ]
}