9.8

CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroApex One Version- SwPlatformsaas
   MicrosoftWindows Version-
TrendmicroApex One Version2019
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.801
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://success.trendmicro.com/solution/000291528
Patch
Vendor Advisory
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
Patch
Vendor Advisory
https://jvn.jp/en/jp/JVN36454862/index.html
Patch
Third Party Advisory
https://www.ipa.go.jp/security/ciadr/vul/20220913-jvn.html
Patch
Third Party Advisory