CVE-2022-40140

MEDIUM

Trend Micro Apex One - Denial of Service via Origin Validation Error

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-40140. PoCs published by mr-r3b00t, ZephrFish, ipsBruno.

AI-analyzed exploit summary: This repository contains PowerShell scripts designed to detect and scan for vulnerabilities related to CVE-2022-40140 and CVE-2022-41082 in Microsoft Exchange Server. It includes scripts for checking server configurations, parsing IIS logs for indicators of compromise, and testing for potential vulnerabilities via HTTP requests.

Description

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Exploits (3)

nomisec SCANNER 26 stars
by mr-r3b00t · poc
https://github.com/mr-r3b00t/NotProxyShellHunter

This repository contains PowerShell scripts designed to detect and scan for vulnerabilities related to CVE-2022-40140 and CVE-2022-41082 in Microsoft Exchange Server. It includes scripts for checking server configurations, parsing IIS logs for indicators of compromise, and testing for potential vulnerabilities via HTTP requests.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Exchange Server
No auth needed
Prerequisites: Access to the target Exchange Server · Network connectivity to the server
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 7 stars
by ZephrFish · poc
https://github.com/ZephrFish/NotProxyShellScanner

The repository contains a Python script that scans for CVE-2022-40140 and CVE-2022-41082 (NotProxyShell) vulnerabilities in Microsoft Exchange servers. It checks for specific response patterns to determine potential vulnerability but does not include exploit code.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Exchange Server
No auth needed
Prerequisites: Known email and domain of the target organization
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 2 stars
by ipsBruno · poc
https://github.com/ipsBruno/CVE-2022-40140-SCANNER

This repository contains a scanner for CVE-2022-40140, which targets Microsoft Exchange Server. The script uses Shodan to find potential targets and sends crafted HTTP requests to detect the vulnerability by checking for the presence of the 'x-feserver' header in responses.

Classification: Scanner 95%
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Exchange Server
No auth needed
Prerequisites: Shodan API key · Internet access
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000291528
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-22-1189/

Scores

CVSS v3 5.5
EPSS 0.0043
EPSS Percentile 33.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-346
Status published
Products (2)
trendmicro/apex_one
trendmicro/apex_one 2019
Published Sep 19, 2022
Tracked Since Feb 18, 2026