Vulnerability Description
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Apex One | - |
| Microsoft | Windows | - |
References
- https://success.trendmicro.com/solution/000291528PatchVendor Advisory
- https://success.trendmicro.com/solution/000291528PatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource
FAQ
What is CVE-2022-40139?
CVE-2022-40139 is a vulnerability with a CVSS score of 7.2 (HIGH). Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affe...
How severe is CVE-2022-40139?
CVE-2022-40139 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40139?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Apex One, Microsoft Windows.