Lynn

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One Security Agent (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to the use of dangerous methods or functions in the Trend Micro Apex One and Apex One as a Service antivirus software. Exploitation of this issue may allow an attacker to escalate privileges and execute arbitrary code. **Recommendations** For Trend Micro Apex One Security Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One Security Agent (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to the use of dangerous methods or functions in the Trend Micro Apex One and Apex One as a Service security agent. Exploitation of this issue may allow an attacker to elevate their privileges and execute arbitrary code. **Recommendations** For Trend Micro Apex One Security Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One Security Agent (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to an untrusted search path vulnerability in the security agent of Trend Micro Apex One and Apex One as a Service. This vulnerability could allow a local attacker to escalate their privileges on affected installations. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** For Trend Micro Apex One Security Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** A security issue in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder, and replace it with a junction to an arbitrary location, ultimately leading to an arbitrary file being dropped to an arbitrary location. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The vulnerability is related to incorrect link resolution before accessing a file, which may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** A security agent directory traversal issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. **Recommendations** For Trend Micro Apex One, at the moment, there is no information about a newer version that contains a fix for this issue. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an improper certification validation vulnerability in Trend Micro Apex One agents. This could allow a local attacker to load a DLL file with system service privileges on affected installations. It is noted that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (SaaS) (affected versions not specified) Trend Micro Worry-Free Business Security version 10.0 SP1 Trend Micro Worry-Free Services (affected versions not specified) Description: An incorrect permission assignment denial-of-service issue could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. Recommendations: For Trend Micro Apex One, update to a version that includes a fix for the incorrect permission assignment issue. For Trend Micro Apex One as a Service (SaaS), contact the service provider for guidance on mitigating the issue. For Trend Micro Worry-Free Business Security version 10.0 SP1, update to a newer version that addresses the incorrect permission assignment issue. For Trend Micro Worry-Free Services, restrict access to sensitive files and system privileges until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One versions (affected versions not specified) Trend Micro Apex One as a Service versions (affected versions not specified) OfficeScan XG SP1 versions (affected versions not specified) **Description** The issue is related to improper access control in the mentioned software, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** For Trend Micro Apex One, consider restricting access to the service until a patch is available. For Trend Micro Apex One as a Service, restrict access to the service until a patch is available. For OfficeScan XG SP1, restrict access to the resource used by the service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One versions not specified OfficeScan XG SP1 version not specified Worry-Free Business Security versions 10.0 SP1 and Services Description: An out-of-bounds write information disclosure issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. Recommendations: For Trend Micro Apex One, update to a version that includes a fix for this issue. For OfficeScan XG SP1, update to a version that includes a fix for this issue. For Worry-Free Business Security versions 10.0 SP1 and Services, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (on-prem and SaaS) OfficeScan XG SP1 Worry-Free Business Security versions 10.0 SP1 and Services Description: An out-of-bounds read information disclosure issue could allow an attacker to disclose sensitive information about a named pipe. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. Recommendations: For Trend Micro Apex One (on-prem and SaaS), update to a version that includes a fix for this issue. For OfficeScan XG SP1, update to a version that includes a fix for this issue. For Worry-Free Business Security versions 10.0 SP1 and Services, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to named pipes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an Out-Of-Bounds Read Information Disclosure. No further details are provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an out-of-bounds read information disclosure. No further details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an Out-Of-Bounds Read Information Disclosure. No further details are provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an Out-Of-Bounds Read Information Disclosure. No further details are provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) **Description** The issue is related to an Out-Of-Bounds Read Information Disclosure. No further details are provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.