[English]The Trend Micro security solution Apex One and Apex One as a Service (SaaS) has serious vulnerabilities, which the manufacturer has closed via a security update. Administrators using the products should install updates promptly.
Advertising
Apex One and Apex One as a Service (SaaS) are two security solutions from Trend Micro designed to scan endpoints for malware infection and protect the relevant devices from malware or ransomware. Only at the End of August 2020 Trend Micro warned about vulnerabilities in Apex One and Office Scan XG. Now new vulnerabilities have been patched.
Effective September 24, 2020, Trend Micro has released an updated version of the BULLETIN: August 2020 Security Bulletin for Trend Micro Apex One and Apex One as a Service. Product security updates have been released to address vulnerabilities in Apex One and Apex One as a Service (SaaS). The manufacturer writes about this:
Release Date: September 24, 2020
CVE Identifier(s): CVE-2020-24563 through 24565; CVE-2020-25770 through CVE-2020-25774
Platform(s): Windows
CVSS 3.0 Score(s): 3.3 – 7.8
Severity Rating(s): Low – HighTrend Micro has released new patches for Trend Micro Apex One and Apex One as a Service (SaaS). These patches resolve multiple vulnerabilities related to out-of-bounds read information disclosure, authentication bypass, and issues with a server migration tool component.
Trend Micro has released the following security updates to address this issue in the Windows versions of its products:
The readme files contain details about the fixes. For example, the module Trend Micro Data Loss Prevention™ (DLP) could not block webmail in "Outlook.com" in any web browser. The behavior monitoring feature of Apex One can cause problems with CPU usage on protected computers.
