CVE-2022-40139
- Reference to the description:
- Description:
- Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
- Last updated date:
- 08/08/2023
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 09/13/2022
- Reference url to background
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 09/15/2022
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog