Filenotfound

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex Central (affected versions not specified) **Description** The issue is related to a cross-site scripting vulnerability in Trend Micro Apex Central, which could allow a remote attacker to execute arbitrary code on affected installations. This could potentially lead to privilege escalation. User interaction is required to exploit this vulnerability, where the target must visit a malicious page or open a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TXOne StellarOne versions prior to V2.0.1160 **Description** The issue is related to improper access control, which could allow a malicious user to escalate their privileges to administrator level. This would enable the attacker to perform unauthorized actions. To exploit this vulnerability, an attacker must first obtain a low-privileged authenticated user's profile on the target system. **Recommendations** For versions prior to V2.0.1160, update to version V2.0.1160 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation. Additionally, ensure that all users have the least privileges necessary to perform their tasks, to reduce the potential impact of a privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to improper access control in the web console of Trend Micro Apex One and Apex One as a Service, which could allow a remote attacker to gain unauthorized access to protected information. This can be achieved by connecting to TCP port 4343. The vulnerability may allow an unauthenticated user to disclose sensitive information on agents under certain circumstances. **Recommendations** For Trend Micro Apex One, consider restricting access to the web console and TCP port 4343 until a patch is available. For Trend Micro Apex One as a Service, consider restricting access to the web console and TCP port 4343 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** A forced browsing issue could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. The attacker must first obtain the ability to log onto the Apex One web console in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to improper access control in the web console of Trend Micro Apex One and Apex One as a Service, which could allow an unauthenticated user to disclose sensitive information on agents under certain circumstances. This vulnerability may enable a remote attacker to gain unauthorized access to protected information. **Recommendations** For Trend Micro Apex One, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) Trend Micro Worry-Free Business Security 10.0 SP1 Trend Micro Worry-Free Business Security Services (affected versions not specified) **Description** A security agent resource exhaustion denial-of-service issue could allow an attacker to flood a temporary log location and consume all disk space on affected installations. **Recommendations** For Trend Micro Apex One, consider restricting access to temporary log locations to minimize the risk of exploitation. For Trend Micro Apex One as a Service, consider implementing measures to limit disk space consumption. For Trend Micro Worry-Free Business Security 10.0 SP1, restrict access to vulnerable components until a fix is available. For Trend Micro Worry-Free Business Security Services, avoid configurations that could lead to resource exhaustion until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (on-prem) version not specified OfficeScan XG version SP1 Worry-Free Business Security version 10.0 SP1 Description: An improper access control issue could allow an unauthenticated user to obtain information about x86 agent hotfixes. Recommendations: For Trend Micro Apex One (on-prem), update to a version that addresses the improper access control issue. For OfficeScan XG SP1, apply the necessary patch or update to resolve the access control vulnerability. For Worry-Free Business Security 10.0 SP1, consider restricting access to sensitive information until a fix is available.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) Trend Micro OfficeScan XG SP1 (affected versions not specified) Trend Micro Worry-Free Business Security (affected versions not specified) Description: An improper access control information disclosure issue could allow an unauthenticated user to create a bogus agent on an affected server. This bogus agent could then be used to make valid configuration queries. Recommendations: For Trend Micro Apex One, update to a version that includes a fix for this issue. For Trend Micro Apex One as a Service, update to a version that includes a fix for this issue. For Trend Micro OfficeScan XG SP1, update to a version that includes a fix for this issue. For Trend Micro Worry-Free Business Security, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to configuration queries until a patch is available.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One versions (affected versions not specified) Trend Micro OfficeScan XG SP1 Trend Micro Worry-Free Business Security 10.0 SP1 Description: An improper access control issue could allow an unauthenticated user to obtain x64 agent hofitx information. Recommendations: For Trend Micro Apex One, update to a version that addresses the improper access control issue. For Trend Micro OfficeScan XG SP1, consider applying configuration changes to restrict access until a patch is available. For Trend Micro Worry-Free Business Security 10.0 SP1, restrict access to sensitive information to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified) OfficeScan XG SP1 Worry-Free Business Security 10.0 SP1 Description: The issue is related to improper access control, which could allow an unauthenticated user to obtain version and build information. Recommendations: For Trend Micro Apex One, update to a version that addresses the improper access control issue. For OfficeScan XG SP1, consider restricting access to sensitive information until a patch is available. For Worry-Free Business Security 10.0 SP1, avoid exposing version and build details to unauthenticated users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (on-prem and SaaS) OfficeScan XG SP1 Worry-Free Business Security 10.0 SP1 Description: An improper access control issue could allow an unauthenticated user to obtain patch level information. Recommendations: For Trend Micro Apex One (on-prem and SaaS), consider restricting access to sensitive information until a patch is available. For OfficeScan XG SP1, restrict access to patch level information to minimize the risk of exploitation. For Worry-Free Business Security 10.0 SP1, avoid exposing patch level details to unauthenticated users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Worry-Free Business Security version 10.0 SP1 Description: An improper access control issue could allow an unauthenticated user to obtain various pieces of configuration information. Recommendations: For Worry-Free Business Security version 10.0 SP1, apply the necessary patch or update to fix the improper access control vulnerability.

Name of the Vulnerable Software and Affected Versions: Worry-Free Business Security version 10.0 SP1 Description: An improper access control issue could allow an unauthenticated user to obtain various pieces of settings information. Recommendations: For Worry-Free Business Security version 10.0 SP1, apply the necessary patch or update to resolve the improper access control issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.