Description
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://success.trendmicro.com/solution/000291645
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-1403/
Scores
CVSS v3
9.1
EPSS
0.0097
EPSS Percentile
57.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-425
Status
published
Products (2)
trendmicro/apex_one
trendmicro/apex_one
2019
Published
Oct 10, 2022
Tracked Since
Feb 18, 2026