CVE-2022-40139 - Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Trend Micro | Apex One and Apex One as a Service

• Date Added:
• 2022-09-15

• Due Date:
• 2022-10-06

Vulnerability Name

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Description

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139

Latest Security News

Credential Theft Becomes Cybercriminals' Favorite Target

Ferret Malware Added to 'Contagious Interview' Campaign

Zyxel won’t patch newly exploited flaws in end-of-life routers

Google Play, Apple App Store apps caught stealing crypto wallets

Cybercriminals Court Traitorous Insiders via Ransom Notes

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Cyber agencies share security guidance for network edge devices

Chinese cyberspies use new SSH backdoor in network device hacks

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Common CWEs

CWE-312 Cleartext Storage of Sensitive Information

HighCWE-640 Weak Password Recovery Mechanism for Forgotten Password

CWE-179 Incorrect Behavior Order: Early Validation

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

HighCWE-650 Trusting HTTP Permission Methods on the Server Side

CWE-733 Compiler Optimization Removal or Modification of Security-critical Code

CWE-436 Interpretation Conflict

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CWE-241 Improper Handling of Unexpected Data Type

CWE-765 Multiple Unlocks of a Critical Resource