CVE-2022-41746

Summary

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Apex One2019 (on-prem) and SaaSaffected

Weaknesses

  • Forced Browsing LPE

ADP Enrichment

CVE Program Container

Additional References

References