Published:2022/11/18 Last Updated:2022/11/18
JVNVU#90082799
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
Overview
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Products Affected
- Apex One On Premise (2019)
- Apex One as a Service
Description
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Impact
- Information disclosure due to Out-of-Bounds read vulnerabilities
- Privilege escalation due to an Out-of-Bounds access vulnerability in the Unauthorized Change Prevention Service
- Privilege escalation due to a memory corruption vulnerability in the Unauthorized Change Prevention Service
- Privilege escalation due to a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in the Security Agent
- Privilege escalation due to an improper handling of exceptional conditions vulnerability
- Privilege escalation due to a directory traversal vulnerability in the Security Agent
- Memory corruption due to missing SAFESEH memory protection mechanism in some modules
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to fix these vulnerabilities.
- Trend Micro Apex One On Premise (2019) Service Pack 1 Critical Patch b11128
Apply the Workaround
Applying the following workaround may mitigate the impact of these vulnerabilities.
- Permit access to the product only from the trusted network
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | SECURITY BULLETIN: November 2022 Security Bulletin for Trend Micro Apex One |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.