Filtered by vendor Trendmicro Subscriptions
Filtered by product Apex One Subscriptions
Total 145 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-19692 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 6.1 Medium
Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.
CVE-2019-19691 2 Microsoft, Trendmicro 3 Windows, Apex One, Officescan 2024-11-21 4.9 Medium
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
CVE-2019-18189 1 Trendmicro 3 Apex One, Officescan, Worry-free Business Security 2024-11-21 9.8 Critical
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
CVE-2019-18188 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.5 High
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
CVE-2024-39753 1 Trendmicro 1 Apex One 2024-10-23 7.5 High
An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.