CVE-2022-40144

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations.

Published: Sep 19, 2022
Updated: Nov 8, 2023
CVE: CVE-2022-40144
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
trendmicro / apex_one	2019	2019.x

https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
https://jvn.jp/en/jp/JVN36454862/index.html
https://success.trendmicro.com/solution/000291528
https://www.ipa.go.jp/security/ciadr/vul/20220913-jvn.html

Vulnerability Database

290,020

CVE-2022-40144