Vulnerability DatabaseCVE-2022-41746

CVE-2022-41746:
Trend Micro Apex One Agent vulnerability analysis and mitigation

Overview

A forced browsing vulnerability (CVE-2022-41746) was discovered in Trend Micro Apex One that could allow an attacker with access to the Apex One console to escalate privileges. The vulnerability was disclosed on October 7th, 2022, affecting Apex One installations (Zero Day Initiative).

Technical details

The specific vulnerability exists within the Apex One web console. By navigating directly to a URL, an authenticated user can bypass authorization and gain write access to server configuration. The vulnerability has been assigned a CVSS v3.0 score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating its critical severity (Zero Day Initiative).

Impact

An attacker can leverage this vulnerability to escalate privileges and reconfigure the server and associated endpoint agents. This could potentially lead to significant system compromise and unauthorized control over the Apex One infrastructure (Zero Day Initiative).

Mitigation and workarounds

Trend Micro has issued an update to correct this vulnerability. Users should apply the latest security patches to their Apex One installations to prevent potential exploitation (Zero Day Initiative).

Additional resources

Source: This report was generated using AI

Related Trend Micro Apex One Agent vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-54987	CRITICAL	9.8	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Aug 05, 2025
CVE-2025-54948	CRITICAL	9.8	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	Yes	Yes	Aug 05, 2025
CVE-2025-49158	HIGH	7.8	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Jun 17, 2025
CVE-2025-49157	HIGH	7.8	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Jun 17, 2025
CVE-2025-49156	HIGH	7.8	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Jun 17, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-41746: Trend Micro Apex One Agent vulnerability analysis and mitigation