CVE-2022-40139

Warnung

EPSS 13.44%
Veröffentlicht 19.09.2022 18:15:09
Zuletzt bearbeitet 31.10.2025 18:42:22
Quelle security@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Apex One Version- SwEditionsaas

Microsoft ≫ Windows Version-

Trendmicro ≫ Apex One Version2019

Microsoft ≫ Windows Version-

15.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Schwachstelle

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.44%	0.939

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

https://success.trendmicro.com/solution/000291528

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40139

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-40139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40139

EUVD