First published: Thu Sep 15 2022
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Apex One | | |
Trendmicro Apex One | =2019 | |
Microsoft Windows | | |
Trend Micro Apex One and Apex One as a Service | | |
CVE-2022-40139 is an improper validation vulnerability in Trend Micro Apex One and Apex One as a Service clients.
CVE-2022-40139 allows an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.
CVE-2022-40139 has a severity rating of 7.2 (high).
Trend Micro Apex One and Apex One as a Service clients are affected by CVE-2022-40139.
To fix CVE-2022-40139, update Trend Micro Apex One and Apex One as a Service clients to the latest version available, as recommended by Trend Micro.