All the vulnerabilites related to Trend Micro, Inc. - Apex One
jvndb-2021-002279
Vulnerability from jvndb
Published
2021-08-19 15:01
Modified
2021-08-19 15:01
Summary
Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
Details
Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
"dc:date": "2021-08-19T15:01+09:00",
"dcterms:issued": "2021-08-19T15:01+09:00",
"dcterms:modified": "2021-08-19T15:01+09:00",
"description": "Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2021-002279",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU90091573/",
"@id": "JVNVU#90091573",
"@source": "JVN"
},
"title": "Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises"
}
jvndb-2023-002100
Vulnerability from jvndb
Published
2023-06-14 14:47
Modified
2024-05-23 15:23
Severity ?
Summary
Security updates for multiple Trend Micro products for enterprises (June 2023)
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"dc:date": "2024-05-23T15:23+09:00",
"dcterms:issued": "2023-06-14T14:47+09:00",
"dcterms:modified": "2024-05-23T15:23+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_central",
"@product": "Apex Central",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:mobile_security",
"@product": "Trend Micro Mobile Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002100",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91852506/",
"@id": "JVNVU#91852506",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/vu/JVNVU93384719/index.html",
"@id": "JVNVU#93384719",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/426.html",
"@id": "CWE-426",
"@title": "Untrusted Search Path(CWE-426)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/269.html",
"@id": "CWE-269",
"@title": "Improper Privilege Management(CWE-269)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Security updates for multiple Trend Micro products for enterprises (June 2023)"
}
jvndb-2021-003385
Vulnerability from jvndb
Published
2021-10-26 12:35
Modified
2021-10-26 12:35
Summary
Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation
Details
Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
"dc:date": "2021-10-26T12:35+09:00",
"dcterms:issued": "2021-10-26T12:35+09:00",
"dcterms:modified": "2021-10-26T12:35+09:00",
"description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one_as_a_service",
"@product": "Apex One as a Service",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:worry_free_business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2021-003385",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU92842857/",
"@id": "JVNVU#92842857",
"@source": "JVN"
},
"title": "Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation"
}
jvndb-2022-001380
Vulnerability from jvndb
Published
2022-03-02 17:07
Modified
2022-03-02 17:07
Summary
Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)
Details
Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
"dc:date": "2022-03-02T17:07+09:00",
"dcterms:issued": "2022-03-02T17:07+09:00",
"dcterms:modified": "2022-03-02T17:07+09:00",
"description": "Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2022-001380",
"sec:references": {
"#text": "https://jvn.jp/en/vu/JVNVU96994445/index.html",
"@id": "JVNVU#96994445",
"@source": "JVN"
},
"title": "Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)"
}
jvndb-2022-000071
Vulnerability from jvndb
Published
2022-09-14 18:15
Modified
2024-06-13 11:34
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service
Details
Trend Micro Apex One and Trend Micro Apex One as a Service provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.
* Improper validation in some components of the rollback mechanism (CWE-20) - CVE-2022-40139
* Improper access control (CWE-284) - CVE-2022-40140
* Information exposure (CWE-200) - CVE-2022-40141
* Improper link resolution before file access (CWE-59) - CVE-2022-40142
* Improper link resolution before file access (CWE-59) - CVE-2022-40143
* Improper authentication (CWE-287) - CVE-2022-40144
Trend Micro Incorporated states that attacks exploiting CVE-2022-40139 have been observed.
CVE-2022-40139, CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-40144
Akinori Takeuchi of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000071.html",
"dc:date": "2024-06-13T11:34+09:00",
"dcterms:issued": "2022-09-14T18:15+09:00",
"dcterms:modified": "2024-06-13T11:34+09:00",
"description": "Trend Micro Apex One and Trend Micro Apex One as a Service provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n * Improper validation in some components of the rollback mechanism (CWE-20) - CVE-2022-40139\r\n * Improper access control (CWE-284) - CVE-2022-40140\r\n * Information exposure (CWE-200) - CVE-2022-40141\r\n * Improper link resolution before file access (CWE-59) - CVE-2022-40142\r\n * Improper link resolution before file access (CWE-59) - CVE-2022-40143\r\n * Improper authentication (CWE-287) - CVE-2022-40144\r\n\r\nTrend Micro Incorporated states that attacks exploiting CVE-2022-40139 have been observed.\r\n\r\nCVE-2022-40139, CVE-2022-40140, CVE-2022-40141, CVE-2022-40142, CVE-2022-40143\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-40144\r\nAkinori Takeuchi of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000071.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000071",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36454862/index.html",
"@id": "JVN#36454862",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40139",
"@id": "CVE-2022-40139",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40140",
"@id": "CVE-2022-40140",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40141",
"@id": "CVE-2022-40141",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40142",
"@id": "CVE-2022-40142",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40143",
"@id": "CVE-2022-40143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40144",
"@id": "CVE-2022-40144",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40139",
"@id": "CVE-2022-40139",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40140",
"@id": "CVE-2022-40140",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40141",
"@id": "CVE-2022-40141",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40142",
"@id": "CVE-2022-40142",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40143",
"@id": "CVE-2022-40143",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40144",
"@id": "CVE-2022-40144",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/security/ciadr/vul/20220913-jvn.html",
"@id": "JVN#36454862",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2022/at220023.html",
"@id": "JPCERT-AT-2022-0023",
"@source": "JPCERT"
},
{
"#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"@id": "CVE-2022-40139",
"@source": "CISA Known Exploited Vulnerabilities Catalog"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service"
}
jvndb-2023-003721
Vulnerability from jvndb
Published
2023-09-20 13:58
Modified
2024-05-09 18:22
Severity ?
Summary
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
Details
Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.
Trend Micro Incorporated states that an attack exploiting this vulnerability has been observed.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU90967486/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41179 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41179 | |
| JPCERT | https://www.jpcert.or.jp/english/at/2023/at230021.html | |
| CISA Known Exploited Vulnerabilities Catalog | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | |
| Code Injection(CWE-94) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
"dc:date": "2024-05-09T18:22+09:00",
"dcterms:issued": "2023-09-20T13:58+09:00",
"dcterms:modified": "2024-05-09T18:22+09:00",
"description": "Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.\r\n\r\nTrend Micro Incorporated states that an attack exploiting this vulnerability has been observed.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-003721",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90967486/index.html",
"@id": "JVNVU#90967486",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41179",
"@id": "CVE-2023-41179",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41179",
"@id": "CVE-2023-41179",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2023/at230021.html",
"@id": "JPCERT-AT-2023-0021",
"@source": "JPCERT"
},
{
"#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"@id": "CVE-2023-41179",
"@source": "CISA Known Exploited Vulnerabilities Catalog"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution"
}
jvndb-2024-003645
Vulnerability from jvndb
Published
2024-06-20 14:59
Modified
2024-06-20 14:59
Summary
Multiple vulnerabilities in multiple Trend Micro products
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003645.html",
"dc:date": "2024-06-20T14:59+09:00",
"dcterms:issued": "2024-06-20T14:59+09:00",
"dcterms:modified": "2024-06-20T14:59+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003645.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one_as_a_service",
"@product": "Apex One as a Service",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_virtual_appliance",
"@product": "TrendMicro InterScan Web Security Virtual Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-003645",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99027428/index.html",
"@id": "JVNVU#99027428",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36302",
"@id": "CVE-2024-36302",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36303",
"@id": "CVE-2024-36303",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36304",
"@id": "CVE-2024-36304",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36305",
"@id": "CVE-2024-36305",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36306",
"@id": "CVE-2024-36306",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36307",
"@id": "CVE-2024-36307",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-37289",
"@id": "CVE-2024-37289",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36358",
"@id": "CVE-2024-36358",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36359",
"@id": "CVE-2024-36359",
"@source": "CVE"
}
],
"title": "Multiple vulnerabilities in multiple Trend Micro products"
}
jvndb-2022-002265
Vulnerability from jvndb
Published
2022-08-18 15:45
Modified
2024-06-14 17:11
Severity ?
Summary
Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation
Details
Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
"dc:date": "2024-06-14T17:11+09:00",
"dcterms:issued": "2022-08-18T15:45+09:00",
"dcterms:modified": "2024-06-14T17:11+09:00",
"description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002265",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96643038/index.html",
"@id": "JVNVU#96643038",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-36336",
"@id": "CVE-2022-36336",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36336",
"@id": "CVE-2022-36336",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation"
}
jvndb-2022-001948
Vulnerability from jvndb
Published
2022-06-03 12:17
Modified
2024-06-18 16:30
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Details
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/vu/JVNVU90675050/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-30700 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-30701 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-30700 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-30701 | |
| Incorrect Permission Assignment for Critical Resource(CWE-732) | https://cwe.mitre.org/data/definitions/732.html | |
| Uncontrolled Search Path Element(CWE-427) | https://cwe.mitre.org/data/definitions/427.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001948.html",
"dc:date": "2024-06-18T16:30+09:00",
"dcterms:issued": "2022-06-03T12:17+09:00",
"dcterms:modified": "2024-06-18T16:30+09:00",
"description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001948.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001948",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90675050/index.html",
"@id": "JVNVU#90675050",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30700",
"@id": "CVE-2022-30700",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30701",
"@id": "CVE-2022-30701",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30700",
"@id": "CVE-2022-30700",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30701",
"@id": "CVE-2022-30701",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/732.html",
"@id": "CWE-732",
"@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/427.html",
"@id": "CWE-427",
"@title": "Uncontrolled Search Path Element(CWE-427)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}
jvndb-2023-006199
Vulnerability from jvndb
Published
2023-11-13 17:28
Modified
2024-03-13 17:28
Severity ?
Summary
Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
Details
Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006199.html",
"dc:date": "2024-03-13T17:28+09:00",
"dcterms:issued": "2023-11-13T17:28+09:00",
"dcterms:modified": "2024-03-13T17:28+09:00",
"description": "Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006199.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-006199",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU98040889/index.html",
"@id": "JVNVU#98040889",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47192",
"@id": "CVE-2023-47192",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47193",
"@id": "CVE-2023-47193",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47194",
"@id": "CVE-2023-47194",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47195",
"@id": "CVE-2023-47195",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47196",
"@id": "CVE-2023-47196",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47197",
"@id": "CVE-2023-47197",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47198",
"@id": "CVE-2023-47198",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47199",
"@id": "CVE-2023-47199",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47200",
"@id": "CVE-2023-47200",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47201",
"@id": "CVE-2023-47201",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-47202",
"@id": "CVE-2023-47202",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47192",
"@id": "CVE-2023-47192",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47193",
"@id": "CVE-2023-47193",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47194",
"@id": "CVE-2023-47194",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47195",
"@id": "CVE-2023-47195",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47196",
"@id": "CVE-2023-47196",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47197",
"@id": "CVE-2023-47197",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47198",
"@id": "CVE-2023-47198",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47199",
"@id": "CVE-2023-47199",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47200",
"@id": "CVE-2023-47200",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47201",
"@id": "CVE-2023-47201",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47202",
"@id": "CVE-2023-47202",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)"
}
jvndb-2022-002544
Vulnerability from jvndb
Published
2022-10-20 16:18
Modified
2024-06-13 13:58
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Details
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
"dc:date": "2024-06-13T13:58+09:00",
"dcterms:issued": "2022-10-20T16:18+09:00",
"dcterms:modified": "2024-06-13T13:58+09:00",
"description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002544",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU97131578/index.html",
"@id": "JVNVU#97131578",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41744",
"@id": "CVE-2022-41744",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41745",
"@id": "CVE-2022-41745",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41746",
"@id": "CVE-2022-41746",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41747",
"@id": "CVE-2022-41747",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41748",
"@id": "CVE-2022-41748",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-41749",
"@id": "CVE-2022-41749",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41744",
"@id": "CVE-2022-41744",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41745",
"@id": "CVE-2022-41745",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41746",
"@id": "CVE-2022-41746",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41747",
"@id": "CVE-2022-41747",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41748",
"@id": "CVE-2022-41748",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41749",
"@id": "CVE-2022-41749",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/425.html",
"@id": "CWE-425",
"@title": "Direct Request (\u0027Forced Browsing\u0027)(CWE-425)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/295.html",
"@id": "CWE-295",
"@title": "Improper Certificate Validation(CWE-295)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/276.html",
"@id": "CWE-276",
"@title": "Incorrect Default Permissions(CWE-276)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/346.html",
"@id": "CWE-346",
"@title": "Origin Validation Error(CWE-346)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}
jvndb-2022-002761
Vulnerability from jvndb
Published
2022-11-21 18:25
Modified
2024-05-31 17:43
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Details
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002761.html",
"dc:date": "2024-05-31T17:43+09:00",
"dcterms:issued": "2022-11-21T18:25+09:00",
"dcterms:modified": "2024-05-31T17:43+09:00",
"description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002761.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002761",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90082799",
"@id": "JVNVU#90082799",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/vu/JVNVU91848962/index.html",
"@id": "JVNVU#91848962",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44647",
"@id": "CVE-2022-44647",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44648",
"@id": "CVE-2022-44648",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44649",
"@id": "CVE-2022-44649",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44650",
"@id": "CVE-2022-44650",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44651",
"@id": "CVE-2022-44651",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44652",
"@id": "CVE-2022-44652",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44653",
"@id": "CVE-2022-44653",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44654",
"@id": "CVE-2022-44654",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44647",
"@id": "CVE-2022-44647",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44648",
"@id": "CVE-2022-44648",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44649",
"@id": "CVE-2022-44649",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44650",
"@id": "CVE-2022-44650",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44651",
"@id": "CVE-2022-44651",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44652",
"@id": "CVE-2022-44652",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44653",
"@id": "CVE-2022-44653",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44654",
"@id": "CVE-2022-44654",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/755.html",
"@id": "CWE-755",
"@title": "Improper Handling of Exceptional Conditions(CWE-755)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}
jvndb-2021-002077
Vulnerability from jvndb
Published
2021-08-04 11:15
Modified
2021-08-04 11:15
Severity ?
Summary
Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises
Details
Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.
* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464
* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465
* Improper Input Validation (CWE-20) - CVE-2021-36741
* Improper Input Validation (CWE-20) - CVE-2021-36742
Trend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93876919/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32464 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32465 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-36742 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-36741 | |
| JPCERT | https://www.jpcert.or.jp/at/2021/at210033.html | |
| CISA Known Exploited Vulnerabilities Catalog | https://cisa.gov/known-exploited-vulnerabilities-catalog | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Improper Preservation of Permissions(CWE-281) | http://cwe.mitre.org/data/definitions/281.html | |
| Incorrect Permission Assignment for Critical Resource(CWE-732) | https://cwe.mitre.org/data/definitions/732.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
"dc:date": "2021-08-04T11:15+09:00",
"dcterms:issued": "2021-08-04T11:15+09:00",
"dcterms:modified": "2021-08-04T11:15+09:00",
"description": "Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464\r\n* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465\r\n* Improper Input Validation (CWE-20) - CVE-2021-36741\r\n* Improper Input Validation (CWE-20) - CVE-2021-36742\r\n\r\nTrend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security",
"@product": "Worry-Free Business Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:business_security_services",
"@product": "Worry-Free Business Security Services",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-002077",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93876919/index.html",
"@id": "JVNVU#93876919",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464",
"@id": "CVE-2021-32464",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465",
"@id": "CVE-2021-32465",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741",
"@id": "CVE-2021-36741",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742",
"@id": "CVE-2021-36742",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32464",
"@id": "CVE-2021-32464",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32465",
"@id": "CVE-2021-32465",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36742",
"@id": "CVE-2021-36742",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36741",
"@id": "CVE-2021-36741",
"@source": "NVD"
},
{
"#text": "https://www.jpcert.or.jp/at/2021/at210033.html",
"@id": "JPCERT-AT-2021-0033",
"@source": "JPCERT"
},
{
"#text": "https://cisa.gov/known-exploited-vulnerabilities-catalog",
"@id": "CVE-2021-36741, CVE-2021-36742",
"@source": "CISA Known Exploited Vulnerabilities Catalog"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "http://cwe.mitre.org/data/definitions/281.html",
"@id": "CWE-281",
"@title": "Improper Preservation of Permissions(CWE-281)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/732.html",
"@id": "CWE-732",
"@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
}
],
"title": "Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises"
}
jvndb-2022-002836
Vulnerability from jvndb
Published
2022-12-26 16:21
Modified
2024-05-30 17:47
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Details
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002836.html",
"dc:date": "2024-05-30T17:47+09:00",
"dcterms:issued": "2022-12-26T16:21+09:00",
"dcterms:modified": "2024-05-30T17:47+09:00",
"description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002836.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002836",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96679793/index.html",
"@id": "JVNVU#96679793",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/vu/JVNVU91848962/index.html",
"@id": "JVNVU#91848962",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-45797",
"@id": "CVE-2022-45797",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-45798",
"@id": "CVE-2022-45798",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-45797",
"@id": "CVE-2022-45797",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-45798",
"@id": "CVE-2022-45798",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}
jvndb-2023-001292
Vulnerability from jvndb
Published
2023-03-02 17:33
Modified
2024-06-07 16:59
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Details
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001292.html",
"dc:date": "2024-06-07T16:59+09:00",
"dcterms:issued": "2023-03-02T17:33+09:00",
"dcterms:modified": "2024-06-07T16:59+09:00",
"description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001292.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-001292",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU96221942/index.html",
"@id": "JVNVU#96221942",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-0587",
"@id": "CVE-2023-0587",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25143",
"@id": "CVE-2023-25143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25144",
"@id": "CVE-2023-25144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25145",
"@id": "CVE-2023-25145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25146",
"@id": "CVE-2023-25146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25147",
"@id": "CVE-2023-25147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25148",
"@id": "CVE-2023-25148",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-0587",
"@id": "CVE-2023-0587",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25143",
"@id": "CVE-2023-25143",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25144",
"@id": "CVE-2023-25144",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25145",
"@id": "CVE-2023-25145",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25146",
"@id": "CVE-2023-25146",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25147",
"@id": "CVE-2023-25147",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25148",
"@id": "CVE-2023-25148",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/434.html",
"@id": "CWE-434",
"@title": "Unrestricted Upload of File with Dangerous Type(CWE-434)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/427.html",
"@id": "CWE-427",
"@title": "Uncontrolled Search Path Element(CWE-427)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}