CVE-2022-41746

Critical

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected…

trendmicro·CWE-425·Published 2022-10-10

CVSS

9.1

EPSS

0.01

KEV

Exploits

cve.orgen

332 chars

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

NVDen

332 chars

NVDes

371 chars

Una vulnerabilidad de navegación forzada en Trend Micro Apex One podría permitir a un atacante con acceso a la consola de Apex One en las instalaciones afectadas escalar privilegios y modificar determinadas agrupaciones de agentes. Nota: un atacante debe obtener primero la capacidad de iniciar sesión en la consola web de Apex One para poder explotar esta vulnerabilidad

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.1	2.3	6.0	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H