clayton@site:~/news$ cat cve-2022-40139-trend-micro-apex-one-and-apex-one-as-a-service.log

CVE-2022-40139 — Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

2022-09-15 • CISA Known Exploited Vulnerability

[event] Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	Trend Micro
Product	Apex One and Apex One as a Service
CWE	CWE-353, CWE-641
CVE ID	CVE-2022-40139
Date Added	2022-09-15
Due Date	2022-10-06
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-10-06

> REFERENCES

[1] https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-40139