Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 12 Feb 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:trendmicro:apex_one:-:*:*:*:*:saas:*:* cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*

Wed, 29 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-09-15'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2025-07-30T01:37:38.356Z

Reserved: 2022-09-06T00:00:00.000Z

Link: CVE-2022-40139

cve-icon Vulnrichment

Updated: 2024-08-03T12:14:39.635Z

cve-icon NVD

Status : Analyzed

Published: 2022-09-19T18:15:09.960

Modified: 2025-02-12T20:44:10.163

Link: CVE-2022-40139

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.