Refine your search
5 vulnerabilities found for Trend Micro Apex One by Trend Micro, Inc.
jvndb-2025-010854
Vulnerability from jvndb
Published
2025-08-07 12:25
Modified
2025-08-19 11:36
Severity ?
Summary
Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection
Details
Trend Micro Endpoint security products for enterprises contain the following vulnerabilities.
<ul><li>OS command injection vulnerability in the management console (CWE-78) - CVE-2025-54948, CVE-2025-54987</li></ul>
Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| Type | URL | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010854.html",
"dc:date": "2025-08-19T11:36+09:00",
"dcterms:issued": "2025-08-07T12:25+09:00",
"dcterms:modified": "2025-08-19T11:36+09:00",
"description": "Trend Micro Endpoint security products for enterprises contain the following vulnerabilities.\r\n\u003cul\u003e\u003cli\u003eOS command injection vulnerability in the management console (CWE-78) - CVE-2025-54948, CVE-2025-54987\u003c/li\u003e\u003c/ul\u003e\r\nTrend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010854.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:trend_micro_apex_one",
"@product": "Trend Micro Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:trend_vision_one",
"@product": "Trend Vision One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.4",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-010854",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92409854/index.html",
"@id": "JVNVU#92409854",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54948",
"@id": "CVE-2025-54948",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-54987",
"@id": "CVE-2025-54987",
"@source": "CVE"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2025/at250016.html",
"@id": "JPCERT-AT-2025-0016",
"@source": "JPCERT AT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection"
}
CVE-2025-54948 (GCVE-0-2025-54948)
Vulnerability from nvd
Published
2025-08-05 13:00
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - OS Command Injection
Summary
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ cpe:2.3:a:trendmicro:apexone_server:14.0.0.14039:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54948",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T14:39:41.164980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:21.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-18T00:00:00+00:00",
"value": "CVE-2025-54948 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_server:14.0.0.14039:*:*:*:*:*:*:*"
],
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.14039",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: OS Command Injection",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:00:19.905Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0020652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-54948",
"datePublished": "2025-08-05T13:00:19.905Z",
"dateReserved": "2025-08-01T14:13:10.297Z",
"dateUpdated": "2025-10-21T22:45:21.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41179 (GCVE-0-2023-41179)
Vulnerability from nvd
Published
2023-09-19 13:44
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000294994"
},
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000294706"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90967486/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apex_one",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "worry-free_business_security",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
],
"defaultStatus": "unknown",
"product": "worry-free_business_security_services",
"vendor": "trendmicro",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
],
"defaultStatus": "unknown",
"product": "apex_one",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-41179",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:33:08.513391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:37.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-21T00:00:00+00:00",
"value": "CVE-2023-41179 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.12380",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.12637",
"status": "affected",
"version": "SaaS\t",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "10.0 SP1 Build 2495",
"status": "affected",
"version": "10.0 SP1",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security Services",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "6.7.3578 / 14.3.1105 ",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T12:26:39.088Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/solution/000294994"
},
{
"url": "https://success.trendmicro.com/jp/solution/000294706"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90967486/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-41179",
"datePublished": "2023-09-19T13:44:57.831Z",
"dateReserved": "2023-08-24T14:57:42.645Z",
"dateUpdated": "2025-10-21T23:05:37.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54948 (GCVE-0-2025-54948)
Vulnerability from cvelistv5
Published
2025-08-05 13:00
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - OS Command Injection
Summary
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ cpe:2.3:a:trendmicro:apexone_server:14.0.0.14039:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54948",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T14:39:41.164980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-08-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:21.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54948"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-18T00:00:00+00:00",
"value": "CVE-2025-54948 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apexone_server:14.0.0.14039:*:*:*:*:*:*:*"
],
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.14039",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: OS Command Injection",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T13:00:19.905Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0020652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2025-54948",
"datePublished": "2025-08-05T13:00:19.905Z",
"dateReserved": "2025-08-01T14:13:10.297Z",
"dateUpdated": "2025-10-21T22:45:21.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41179 (GCVE-0-2023-41179)
Vulnerability from cvelistv5
Published
2023-09-19 13:44
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:05.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000294994"
},
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/jp/solution/000294706"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90967486/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apex_one",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "worry-free_business_security",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*"
],
"defaultStatus": "unknown",
"product": "worry-free_business_security_services",
"vendor": "trendmicro",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:saas:*:*:*"
],
"defaultStatus": "unknown",
"product": "apex_one",
"vendor": "trendmicro",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-41179",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:33:08.513391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:37.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-21T00:00:00+00:00",
"value": "CVE-2023-41179 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.12380",
"status": "affected",
"version": "2019 (14.0)",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.12637",
"status": "affected",
"version": "SaaS\t",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "10.0 SP1 Build 2495",
"status": "affected",
"version": "10.0 SP1",
"versionType": "semver"
}
]
},
{
"product": "Trend Micro Worry-Free Business Security Services",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "6.7.3578 / 14.3.1105 ",
"status": "affected",
"version": "SaaS",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T12:26:39.088Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/solution/000294994"
},
{
"url": "https://success.trendmicro.com/jp/solution/000294706"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90967486/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-41179",
"datePublished": "2023-09-19T13:44:57.831Z",
"dateReserved": "2023-08-24T14:57:42.645Z",
"dateUpdated": "2025-10-21T23:05:37.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}