CVE-2022-41746

CRITICAL

Trend Micro Apex One - Privilege Escalation

Title source: llm

Description

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

References (2)

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/000291645

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-22-1403/

Scores

CVSS v3 9.1

EPSS 0.0083

EPSS Percentile 74.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-425

Status published

Products (2)

trendmicro/apex_one

trendmicro/apex_one 2019

Published Oct 10, 2022

Tracked Since Feb 18, 2026