Search

Find a vulnerability

Search criteria

    13 vulnerabilities found for Worry-Free Business Security by Trend Micro, Inc.

    JVNDB-2025-009150

    Vulnerability from jvndb - Published: 2025-07-17 17:03 - Updated:2025-07-17 17:03

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-009150.html",
      "dc:date": "2025-07-17T17:03+09:00",
      "dcterms:issued": "2025-07-17T17:03+09:00",
      "dcterms:modified": "2025-07-17T17:03+09:00",
      "description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-009150.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_central",
          "@product": "Apex Central",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:apex_one_as_a_service",
          "@product": "Apex One as a Service",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2025-009150",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU96526886/",
          "@id": "JVNVU#96526886",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49154",
          "@id": "CVE-2025-49154",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49155",
          "@id": "CVE-2025-49155",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49156",
          "@id": "CVE-2025-49156",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49157",
          "@id": "CVE-2025-49157",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49158",
          "@id": "CVE-2025-49158",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49219",
          "@id": "CVE-2025-49219",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49220",
          "@id": "CVE-2025-49220",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-49487",
          "@id": "CVE-2025-49487",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-53378",
          "@id": "CVE-2025-53378",
          "@source": "CVE"
        }
      ],
      "title": "Security updates for Trend Micro products (June 2025)"
    }

    JVNDB-2023-003721

    Vulnerability from jvndb - Published: 2023-09-20 13:58 - Updated:2024-05-09 18:22
    Severity
    Summary
    Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
    Details
    Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module. Trend Micro Incorporated states that an attack exploiting this vulnerability has been observed. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
      "dc:date": "2024-05-09T18:22+09:00",
      "dcterms:issued": "2023-09-20T13:58+09:00",
      "dcterms:modified": "2024-05-09T18:22+09:00",
      "description": "Trend Micro Endpoint security products for enterprises provided by Trend Micro Incorporated contain an arbitrary code execution vulnerability (CWE-94, CVE-2023-41179) in 3rd Party AV Uninstaller Module.\r\n\r\nTrend Micro Incorporated states that an attack exploiting this vulnerability has been observed.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003721.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.1",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2023-003721",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU90967486/index.html",
          "@id": "JVNVU#90967486",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-41179",
          "@id": "CVE-2023-41179",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41179",
          "@id": "CVE-2023-41179",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2023/at230021.html",
          "@id": "JPCERT-AT-2023-0021",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "@id": "CVE-2023-41179",
          "@source": "CISA Known Exploited Vulnerabilities Catalog"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        }
      ],
      "title": "Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution"
    }

    JVNDB-2022-002265

    Vulnerability from jvndb - Published: 2022-08-18 15:45 - Updated:2024-06-14 17:11
    Severity
    Summary
    Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation
    Details
    Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
      "dc:date": "2024-06-14T17:11+09:00",
      "dcterms:issued": "2022-08-18T15:45+09:00",
      "dcterms:modified": "2024-06-14T17:11+09:00",
      "description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002265.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2022-002265",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU96643038/index.html",
          "@id": "JVNVU#96643038",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36336",
          "@id": "CVE-2022-36336",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36336",
          "@id": "CVE-2022-36336",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-59",
          "@title": "Link Following(CWE-59)"
        }
      ],
      "title": "Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation"
    }

    JVNDB-2022-001380

    Vulnerability from jvndb - Published: 2022-03-02 17:07 - Updated:2022-03-02 17:07
    Summary
    Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)
    Details
    Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
      "dc:date": "2022-03-02T17:07+09:00",
      "dcterms:issued": "2022-03-02T17:07+09:00",
      "dcterms:modified": "2022-03-02T17:07+09:00",
      "description": "Trend Micro Incorporated has released multiple security updates for Trend Micro Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001380.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2022-001380",
      "sec:references": {
        "#text": "https://jvn.jp/en/vu/JVNVU96994445/index.html",
        "@id": "JVNVU#96994445",
        "@source": "JVN"
      },
      "title": "Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022)"
    }

    JVNDB-2021-003385

    Vulnerability from jvndb - Published: 2021-10-26 12:35 - Updated:2021-10-26 12:35
    Summary
    Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation
    Details
    Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
    References
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
      "dc:date": "2021-10-26T12:35+09:00",
      "dcterms:issued": "2021-10-26T12:35+09:00",
      "dcterms:modified": "2021-10-26T12:35+09:00",
      "description": "Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-003385.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:apex_one_as_a_service",
          "@product": "Apex One as a Service",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:worry_free_business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2021-003385",
      "sec:references": {
        "#text": "https://jvn.jp/en/vu/JVNVU92842857/",
        "@id": "JVNVU#92842857",
        "@source": "JVN"
      },
      "title": "Trend Micro Endpoint security products for enterprises vulnerable to privilege escalation"
    }

    JVNDB-2021-002279

    Vulnerability from jvndb - Published: 2021-08-19 15:01 - Updated:2021-08-19 15:01
    Summary
    Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises
    Details
    Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
    References
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
      "dc:date": "2021-08-19T15:01+09:00",
      "dcterms:issued": "2021-08-19T15:01+09:00",
      "dcterms:modified": "2021-08-19T15:01+09:00",
      "description": "Trend Micro Incorporated has released a security update for multiple Endpoint security products for enterprises.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002279.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:identifier": "JVNDB-2021-002279",
      "sec:references": {
        "#text": "https://jvn.jp/en/vu/JVNVU90091573/",
        "@id": "JVNVU#90091573",
        "@source": "JVN"
      },
      "title": "Incorrect permission assignment vulnerability in multiple Trend Micro Endpoint security products for enterprises"
    }

    JVNDB-2021-002077

    Vulnerability from jvndb - Published: 2021-08-04 11:15 - Updated:2021-08-04 11:15
    Severity
    Summary
    Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises
    Details
    Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. * Incorrect Permission Assignment (CWE-732) - CVE-2021-32464 * Improper Preservation of Permissions (CWE-281) - CVE-2021-32465 * Improper Input Validation (CWE-20) - CVE-2021-36741 * Improper Input Validation (CWE-20) - CVE-2021-36742 Trend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
      "dc:date": "2021-08-04T11:15+09:00",
      "dcterms:issued": "2021-08-04T11:15+09:00",
      "dcterms:modified": "2021-08-04T11:15+09:00",
      "description": "Multiple Endpoint security products for enterprises provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n* Incorrect Permission Assignment (CWE-732) - CVE-2021-32464\r\n* Improper Preservation of Permissions (CWE-281) - CVE-2021-32465\r\n* Improper Input Validation (CWE-20) - CVE-2021-36741\r\n* Improper Input Validation (CWE-20) - CVE-2021-36742\r\n\r\nTrend Micro Incorporated states that attacks against CVE-2021-36741 and CVE-2021-36742 have been observed.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002077.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:apex_one",
          "@product": "Apex One",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.2",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-002077",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93876919/index.html",
          "@id": "JVNVU#93876919",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32464",
          "@id": "CVE-2021-32464",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32465",
          "@id": "CVE-2021-32465",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36741",
          "@id": "CVE-2021-36741",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36742",
          "@id": "CVE-2021-36742",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32464",
          "@id": "CVE-2021-32464",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32465",
          "@id": "CVE-2021-32465",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36742",
          "@id": "CVE-2021-36742",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36741",
          "@id": "CVE-2021-36741",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2021/at210033.html",
          "@id": "JPCERT-AT-2021-0033",
          "@source": "JPCERT"
        },
        {
          "#text": "https://cisa.gov/known-exploited-vulnerabilities-catalog",
          "@id": "CVE-2021-36741, CVE-2021-36742",
          "@source": "CISA Known Exploited Vulnerabilities Catalog"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        },
        {
          "#text": "http://cwe.mitre.org/data/definitions/281.html",
          "@id": "CWE-281",
          "@title": "Improper Preservation of Permissions(CWE-281)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/732.html",
          "@id": "CWE-732",
          "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple Trend Micro Endpoint security products for enterprises"
    }

    JVNDB-2018-000013

    Vulnerability from jvndb - Published: 2018-02-15 16:39 - Updated:2018-04-11 12:23
    Severity
    Summary
    Insecure DLL Loading issue in multiple Trend Micro products
    Details
    Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded. Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
      "dc:date": "2018-04-11T12:23+09:00",
      "dcterms:issued": "2018-02-15T16:39+09:00",
      "dcterms:modified": "2018-04-11T12:23+09:00",
      "description": "Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).\r\n When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.\r\n\r\nHidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:deep_security",
          "@product": "Trend Micro Deep Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:endpoint_sensor",
          "@product": "Trend Micro Endpoint Sensor",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:security",
          "@product": "Trend Micro Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
          "@product": "OfficeScan",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000013",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN28865183/index.html",
          "@id": "JVN#28865183",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218",
          "@id": "CVE-2018-6218",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-6218",
          "@id": "CVE-2018-6218",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html",
          "@id": "Security Alert for Vulnerability in multiple Trend Micro products (JVN#28865183)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Insecure DLL Loading issue in multiple Trend Micro products"
    }

    JVNDB-2016-000089

    Vulnerability from jvndb - Published: 2016-06-02 16:18 - Updated:2016-06-22 17:58
    Severity
    Summary
    Trend Micro enterprise products HTTP header injection vulnerability
    Details
    Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000089.html",
      "dc:date": "2016-06-22T17:58+09:00",
      "dcterms:issued": "2016-06-02T16:18+09:00",
      "dcterms:modified": "2016-06-22T17:58+09:00",
      "description": "Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. \r\n\r\nAccording to the developer, exploiting the vulnerability requires access to the LAN environment of the user.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000089.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "2.9",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000089",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN48847535/index.html",
          "@id": "JVN#48847535",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1224",
          "@id": "CVE-2016-1224",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1224",
          "@id": "CVE-2016-1224",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "Trend Micro enterprise products HTTP header injection vulnerability"
    }

    JVNDB-2016-000074

    Vulnerability from jvndb - Published: 2016-06-02 16:18 - Updated:2016-06-22 17:56
    Severity
    Summary
    Trend Micro enterprise products directory traversal vulnerability
    Details
    Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
      "dc:date": "2016-06-22T17:56+09:00",
      "dcterms:issued": "2016-06-02T16:18+09:00",
      "dcterms:modified": "2016-06-22T17:56+09:00",
      "description": "Multiple enterprise products provided by Trend Micro Incorporated contain a directory traversal vulnerability. \r\n\r\nAccording to the developer, exploiting the vulnerability requires access to the LAN environment of the user.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000074.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security_services",
          "@product": "Worry-Free Business Security Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
          "@product": "OfficeScan",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000074",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN48847535/index.html",
          "@id": "JVN#48847535",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223",
          "@id": "CVE-2016-1223",
          "@source": "CVE"
        },
        {
          "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1223",
          "@id": "CVE-2016-1223",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "Trend Micro enterprise products directory traversal vulnerability"
    }

    JVNDB-2007-000135

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    CCC Cleaner buffer overflow vulnerability
    Details
    CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables. This vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro's website. CCC Cleaner is affected by this vulnerability only when the following file is contained in the "CCC Cleaner" folder. Filenames: lpt$vpn.185 As of February 13, 2006, Trend Micro has announced that the vulnerability "the Anti-Rootkit Common Module (TmComm.sys)" disclosed on February 11, 2006 does not affect CCC Cleaner. For more information, refer to the vendor's website.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000135.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "CCC Cleaner, provided by Cyber Clean Center between January 25 and February 9, 2007, contains a buffer overflow vulnerability that occurs when it scans UPX-packed executables.\r\n\r\nThis vulnerability is caused by a buffer overflow vulnerability in the scan processing of UPX compressed executables found in TrendMicro Antivirus. For details of this vulnerability, please refer to TrendMicro\u0027s website.\r\n\r\nCCC Cleaner is affected by this vulnerability only when the following file is contained in the \"CCC Cleaner\" folder.\r\n\r\nFilenames:  lpt$vpn.185\r\n\r\nAs of February 13, 2006, Trend Micro has announced that the vulnerability \"the Anti-Rootkit Common Module (TmComm.sys)\" disclosed on February 11, 2006 does not affect CCC Cleaner.  For more information, refer to the vendor\u0027s website.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000135.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:ccc_cleaner",
          "@product": "CCC Cleaner",
          "@vendor": "Cyber Clean Center",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:anti-spyware_for_consumer",
          "@product": "Trend Micro Anti-Spyware for Consumer",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:anti-spyware_for_enterprise",
          "@product": "Trend Micro Anti-Spyware for Enterprise",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:anti-spyware_for_smb",
          "@product": "Trend Micro Anti-Spyware for SMB",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:antivirus",
          "@product": "Trend Micro Antivirus",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:business_security",
          "@product": "Worry-Free Business Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:client_server_messaging_security_for_smb",
          "@product": "Client / Server / Messaging Security for SMB",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:damage_cleanup_services",
          "@product": "Damage Cleanup Services",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:pc_cillin_internet_security",
          "@product": "Trend Micro PC Cillin Internet Security",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:rootkit_provision_module_tmcomm.sys",
          "@product": "Rootkit Provision Module (TmComm.sys)",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:virus_baster",
          "@product": "Virus Baster",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000135",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN77366274/index.html",
          "@id": "JVN#77366274",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0856",
          "@id": "CVE-2007-0856",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0856",
          "@id": "CVE-2007-0856",
          "@source": "NVD"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/282240",
          "@id": "VU#282240",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://www.kb.cert.org/vuls/id/666800",
          "@id": "VU#666800",
          "@source": "CERT-VN"
        },
        {
          "#text": "http://secunia.com/advisories/24069/",
          "@id": "SA24069",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/22448",
          "@id": "22448",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/32353",
          "@id": "32353",
          "@source": "XF"
        },
        {
          "#text": "http://www.securitytracker.com/id?1017604",
          "@id": "1017604",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.securitytracker.com/id?1017605",
          "@id": "1017605",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.securitytracker.com/id?1017606",
          "@id": "1017606",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/0521",
          "@id": "FrSIRT/ADV-2007-0521",
          "@source": "FRSIRT"
        }
      ],
      "title": "CCC Cleaner buffer overflow vulnerability"
    }

    CVE-2025-49154 (GCVE-0-2025-49154)

    Vulnerability from nvd – Published: 2025-06-17 18:42 – Updated: 2025-06-17 20:25
    VLAI
    Summary
    An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.14002 (semver)
        cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One as a Service Affected: SaaS , < 14.0.14492 (semver)
        cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Worry-Free Business Security Affected: 10.0 SP1 , < 2514 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:23:50.312099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:25:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.14002",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One as a Service",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.14492",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "2514",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T18:42:10.085Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
            },
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2025-49154",
        "datePublished": "2025-06-17T18:42:10.085Z",
        "dateReserved": "2025-06-02T17:43:08.723Z",
        "dateUpdated": "2025-06-17T20:25:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-49154 (GCVE-0-2025-49154)

    Vulnerability from cvelistv5 – Published: 2025-06-17 18:42 – Updated: 2025-06-17 20:25
    VLAI
    Summary
    An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Trend Micro, Inc. Trend Micro Apex One Affected: 2019 (14.0) , < 14.0.0.14002 (semver)
        cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Trend Micro Apex One as a Service Affected: SaaS , < 14.0.14492 (semver)
        cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*
    Create a notification for this product.
    Trend Micro, Inc. Worry-Free Business Security Affected: 10.0 SP1 , < 2514 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-49154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-17T20:23:50.312099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T20:25:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_op:14.0.0.14002:p3:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.0.14002",
                  "status": "affected",
                  "version": "2019 (14.0)",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14492:ga:*:*:*:*:*:*"
              ],
              "product": "Trend Micro Apex One as a Service",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "14.0.14492",
                  "status": "affected",
                  "version": "SaaS",
                  "versionType": "semver"
                }
              ]
            },
            {
              "product": "Worry-Free Business Security",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "2514",
                  "status": "affected",
                  "version": "10.0 SP1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-17T18:42:10.085Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
            },
            {
              "url": "https://success.trendmicro.com/en-US/solution/KA-0019936"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2025-49154",
        "datePublished": "2025-06-17T18:42:10.085Z",
        "dateReserved": "2025-06-02T17:43:08.723Z",
        "dateUpdated": "2025-06-17T20:25:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }