Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH

7.2 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation Likelihood

EPSS Prediction

12.88 %

Predictive Probability

Percentile Rank

93.9 th

Documented as more likely to be exploited than 93.9% of known CVEs.

Detection Date

Sep 15, 2022

Remediation Due

Oct 06, 2022

CISA Catalog Active

Threat Analysis

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Remediation Directive

Apply updates per vendor instructions.

Asset Context

Vendor Identity

Trend Micro

Affected Product

Apex One and Apex One as a Service

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-353 CWE-641

External Intelligence

https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2022-40139