CVE-2022-40139

Description

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

References

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics