Trend Micro Apex One On-Premise Directory Traversal Vulnerability Allowing Code Injection

A directory traversal vulnerability has been identified in the on-premise version of Trend Micro Apex One. This vulnerability allows a pre-authenticated local attacker with administrative credentials to modify a key table on the server, injecting malicious code that can be deployed to agents on affected installations. The vulnerability is not present in the cloud-based version of Apex One or in TrendAI Vision One Endpoint Security - Standard Endpoint Protection.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of files on the Apex One server, allowing injected code to be distributed to the security agents on affected installations.

Remediation

Users of Trend Micro Apex One (On-Premise) should apply Service Pack 1 Critical Patch B18012 for the server and Agent Build 14.0.18012. For those who have already applied the previous Critical Patch 17079 or installed a fresh 17079 build, no action is needed as they are already protected. Instructions for downloading the patch are available on the Trend Micro Download Center.