Skip to main content
All vulnerabilities
CVE-2022-40139

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Trend MicroApex One and Apex One as a Service

Added to KEV catalog
15 September 2022
Federal remediation due date
6 October 2022
Weakness classification (CWE)
CWE-353, CWE-641

CISA Description

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Required action

Apply updates per vendor instructions.

Notes

https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services