CVE-2022-40144
CRITICALTrend Micro Apex One - Authentication Bypass via Request Parameter Falsification
Title source: llmDescription
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.
References (4)
Core 4
Core References
Patch, Vendor Advisory
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
Patch, Third Party Advisory
https://jvn.jp/en/jp/JVN36454862/index.html
Patch, Vendor Advisory
https://success.trendmicro.com/solution/000291528
Patch, Third Party Advisory
https://www.ipa.go.jp/security/ciadr/vul/20220913-jvn.html
Scores
CVSS v3
9.8
EPSS
0.0182
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
trendmicro/apex_one
trendmicro/apex_one
2019
Published
Sep 19, 2022
Tracked Since
Feb 18, 2026