Antivirus software provider Trend Micro has released patches to address multiple vulnerabilities in its Apex One and Apex One SaaS endpoint security solutions, including a zero-day issue said to have been exploited by malicious actors.
The zero-day in question is tracked as CVE-2022-40139 and allows a remote user to compromise the vulnerable system. The vulnerability exists due to improper input validation within the rollback functionality. By exploiting the vulnerability, a remote authenticated user with access to the administrative console can force the agent into downloading unverified rollback components and compromise the affected system.
In addition to CVE-2022-40139, the vendor has also fixed a couple of medium-risk security issues (CVE-2022-40141, CVE-2022-40144). The first can be used to gain access to sensitive data, while the latter gives a remote attacker a way to bypass the authentication process and get unauthorized access to the application.
The remaining three bugs (CVE-2022-40140, CVE-2022-40142, CVE-2022-40143) are deemed to be of low security risk and could be used to perform denial-of-service (DoS) attacks or execute arbitrary code with elevated privileges via a malicious link.
All users are strongly advised to apply patches as soon as possible.