Last updated on December 12th, 2022 at 02:45 pm

Security solutions provider Trend Micro has released security updates regarding a zero-day vulnerability identified in Apex One and Apex One SaaS endpoint security solutions that is known to be actively exploited by threat actors.

The security vulnerability with code CVE-2022-40139 is caused by incorrect input validation in the application’s Rollback function. An authenticated remote user with access to the Admin console could exploit the security vulnerability to force Agents to download unverified malicious Rollback components.

In addition to the CVE-2022-40139 vulnerability, Trend Micro has also fixed several medium-risk security issues (CVE-2022-40141, CVE-2022-40144). The first vulnerability (CVE-2022-40141) allows threat actors to access sensitive data. The second (CVE-2022-40144) allows remote threat actors to bypass authentication checks and gain unauthorized access to the application.

Users using Trend Micro Apex One and Apex One SaaS 2019 versions are recommended to immediately apply the published updates in order not to be the target of attacks that can be carried out using these vulnerabilities.

Critical Zero-Day Alarm on Trend Micro Apex One

What is BEC (Business Email Compromise) Attack?

What Is Smishing and How To Protect Yourself?

Security Newsletter | March 30, 2023

What is Incident Response and How to Build It?

We know what hackers know about you

Solutions

Use Case

Partners

Company