—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Trend Micro Apex One

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Apex One 2019 (On-prem) Server and Agent builds prior to 17079

Apex One as a Service, TrendAI Vision One Endpoint Security – Standard Endpoint Pro-tection (SEP) Agent builds prior to 14.0.20731

Overview

Multiple vulnerabilities have been reported in Trend Micro Apex One products, which could allow an attacker to escalate privileges, and execute malicious code on the targeted system.

Target Audience:

All end-user organizations and individuals using Trend Micro Apex One products.

Risk Assessment:

High risk of privilege escalation, arbitrary code execution.

Impact Assessment:

Potential for remote code execution, privilege escalation and/or compromise of system.

Description

Trend Micro Apex One is an endpoint security solution designed to provide threat detection, malware protection, and centralized security management for enterprise environments.

Multiple vulnerabilities have been reported in Trend Micro Apex One products due to improper origin validation, directory traversal flaws, and time-of-check time-of-use (TOCTOU) issues in the Apex One server and security agent components.

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, and execute malicious code on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://success.trendmicro.com/en-US/solution/KA-0023430

Vendor Information

Trend Micro

http://success.trendmicro.com/

References

 

https://success.trendmicro.com/en-US/solution/KA-0023430

CVE Name

CVE-2026-34927

CVE-2026-34928

CVE-2026-34929

CVE-2026-34930

CVE-2026-45206

CVE-2026-45207

CVE-2026-45208

CVE-2026-34926

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmotS7cACgkQ3jCgcSdc

ys8vuw//Rp7WpcPRssIMrJl7bHhEOEOwNi1e6ErC2R3JIQ7lEguh6lqjQ6aciXxX

iOeeVn3+MtF3YPEAKgtu1hqii6FbvBKpefuzIoJYnj21Q2fHrg9SE6TVGv371VQu

jSleolT67e30Pz9/+8RQQJ9gtvGNQRTg8v9almZ+peSbu+mSseKhlJB0S706xckQ

WQ2BHJ3VB+NiA4YuN69CRck6aX9UbSx06VA3B8foi20rrQVXeUFQ0hPGYWZBNdOA

QWJIEfyGa8S6tpqEopZtzw0FZeja6ZWms4OXHt1aU9OqBLDfJuBSDrX/Sy2Q26hh

ScVEBgdQ2UngnHZ/pNO4CNM4fuKBkpCaK6ZXjC28bgQbZ1JM7HPphZE5Mc3jpgTk

64ConT+khxTY6aafQltSthceQJqh9/oFpfhe5x3ZkXGH0YTCEYMCDY6gd3ATxnOu

LBe/bZZpr/zjj+Jlm7H8d7G+yuoQYsCIKtILyDN11+dLfF3mbyPX3mqBTZoYAPBR

c8qpwEz4g+kBfnnOaf7GWTnzLubgLnrZ5aoxTRLKx/SWev5mss/aTSamSkVmpuit

oDhkLvkk/OruDZxo7NDBeMNz1d2xmKNAm0ON3w806pd3LaWreor8QngtrybDRTu/

mfKlqKK5ESAHtklnffQoHgE0xWC5WXaYVhtnVe3KK1pjQflrfjM=

=f9lM

—–END PGP SIGNATURE—–