CVE-2022-40139
Severity: HIGH | Listed in CISA KEV
Trend Micro Apex One - Remote Code Execution via Unverified Rollback Package
Exploitation Summary
CVE-2022-40139 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 15, 2022.
Description
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution on those clients. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability; the prerequisite is what keeps the CVSS privilege metric at PR:H despite the network attack vector.
References (2)
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-40139
Patch / Vendor Advisory: https://success.trendmicro.com/solution/000291528
Scores
CVSS v3 base score: 7.2 (HIGH)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0891 (8.91% probability of exploitation activity in the next 30 days)
EPSS Percentile: 92.8%
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-09-15
VulnCheck KEV: 2022-09-13
InTheWild.io: 2022-09-13
ENISA EUVD: EUVD-2022-43457
Status: published
Products (2)
trendmicro/apex_one
trendmicro/apex_one 2019
Published: Sep 19, 2022
KEV Added: Sep 15, 2022
Tracked Since: Feb 18, 2026