CVE-2022-41746

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

Published: Oct 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-41746
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-425

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
trendmicro / apex_one	2019	2019.x

https://success.trendmicro.com/solution/000291645
https://www.zerodayinitiative.com/advisories/ZDI-22-1403/

Vulnerability Database

289,784

CVE-2022-41746