Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTrendmicro Apex One
APPTrendmicro2019Trendmicro Officescan
APPTrendmicroxg
CISA KEV — detailsi
- Vendori
- Trend Micro
- Producti
- Apex One and OfficeScan
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Related vulnerabilities
Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...
RCE w Trend Micro Apex One – command injection bez uwierzytelnienia
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenti...
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an ...