    2 vulnerabilities found for Trend Micro Worry-Free Business Security by Trend Micro, Inc.

    CVE-2023-41179 (GCVE-0-2023-41179)

    Vulnerability from nvd – Published: 2023-09-19 13:44 – Updated: 2025-10-21 23:05
    Summary
    A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: active; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor | Product | Version
    Trend Micro, Inc. | Trend Micro Apex One | Affected: 2019 (14.0), < 14.0.0.12380 (semver)
    Trend Micro, Inc. | Trend Micro Apex One | Affected: SaaS, < 14.0.12637 (semver)
    Trend Micro, Inc. | Trend Micro Worry-Free Business Security | Affected: 10.0 SP1, < 10.0 SP1 Build 2495 (semver)
    Trend Micro, Inc. | Trend Micro Worry-Free Business Security Services | Affected: SaaS, < 6.7.3578 / 14.3.1105 (semver)
    trendmicro | apex_one | Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
    trendmicro | worry-free_business_security | Affected: 10.0
        cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
    trendmicro | worry-free_business_security_services | Affected: 0, < * (custom)
        cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*
    trendmicro | apex_one | Affected: 2019
        cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:54:05.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/solution/000294994"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/jp/solution/000294706"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90967486/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "worry-free_business_security_services",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apex_one",
                "vendor": "trendmicro",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2019"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41179",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T14:33:08.513391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-09-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:37.728Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-09-21T00:00:00.000Z",
                "value": "CVE-2023-41179 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.12380",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.12637",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "10.0 SP1 Build 2495",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Trend Micro Worry-Free Business Security Services",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "6.7.3578 / 14.3.1105",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-21T12:26:39.088Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/solution/000294994"
            },
            {
              "url": "https://success.trendmicro.com/jp/solution/000294706"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90967486/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-41179",
        "datePublished": "2023-09-19T13:44:57.831Z",
        "dateReserved": "2023-08-24T14:57:42.645Z",
        "dateUpdated": "2025-10-21T23:05:37.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41179 (GCVE-0-2023-41179)

    Vulnerability from cvelistv5 – Published: 2023-09-19 13:44 – Updated: 2025-10-21 23:05