CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Oct 6, 2022

CVE-2022-40139

High

EPSS 12.9%CISA KEV

Trend Micro/Apex One and Apex One as a Service

Description

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

EPSS — Exploit Probability

12.9%

Higher than 93.9% of all CVEs

Required Action

https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 12.9%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Sep 15, 2022

Added to KEV

Sep 15, 2022

Remediation Due

Oct 6, 2022

Affected Product

Trend Micro

Apex One and Apex One as a Service

View all Trend Micro CVEs

External Links

NVD (NIST)CVE Details MITRE CVE