- 207/2022
- High
Trend Micro has released a new service pack for Apex One product that resolves multiple vulnerabilities in the product.
The addressed vulnerabilities could allow the remote attacker to perform several attacks, like bypassing security restrictions, elevating privileges, and causing a denial of service on the affected system.
Sample of addressed vulnerabilities :
1 -Trend Micro Apex One security bypass (CVE-2022-40144):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2 – Trend Micro Apex One code execution (CVE-2022-40139):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-40139
- CVE-2022-40140
- CVE-2022-40141
- CVE-2022-40142
- CVE-2022-40143
- CVE-2022-40144
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.