Описание
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- US Government Resource
Уязвимые конфигурации
Одновременно
Одно из
EPSS
7.2 High
CVSS3
Дефекты
Связанные уязвимости
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
Уязвимость реализации механизма отката обновления антивирусного программного средства Apex One, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.2 High
CVSS3