Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

Published

2022-10-10T21:15:11.923

Last Modified

2024-11-21T07:23:46.917

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses

Type: Primary
CWE-425

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	apex_one	-	Yes
Application	trendmicro	apex_one	2019	Yes
Operating System	microsoft	windows	-	No

References

https://success.trendmicro.com/solution/000291645 Patch, Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-1403/ Third Party Advisory, VDB Entry ([email protected])
https://success.trendmicro.com/solution/000291645 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-1403/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)