KEVIntel
Back to KEVs
7.2
CVSS
High

CVE-2022-40139

PUBLISHED

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Trend Micro
Product
Trend Micro Apex One
Published
Sep 19, 2022
EPSS

Description

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

cisa nessus_scanner

CVSS scores

CVSS v3.1 7.2 High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2022-09-15 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Sep 15, 2022

Scanner integrations

Scanner Reference Detected
Nessus https://www.tenable.com/plugins/nessus/164982 Jun 02, 2025

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public

  • Detected by Nessus