Published:2022/06/02  Last Updated:2022/06/02

JVNVU#90675050
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview

Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.

Products Affected

  • Apex One On Premise (2019)
  • Apex One as a Service

Description

Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.

Impact

  • Privilege escalation and arbitrary DLL loading due to an incorrect permission assignment vulnerability
  • Privilege escalation and arbitrary DLL loading due to an uncontrolled search path element vulnerability

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The issue in Apex One as a Service is fixed in the March 2022 updates.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia