Trend Micro announced this week the release of security patches to address multiple vulnerabilities in its Apex One endpoint security product, including a zero-day vulnerability, tracked as CVE-2022-40139 (CVSS 3.0 SCORE 7.2), which is actively exploited.
The CVE-2022-40139 flaw is an improper validation issue related to a rollback function, an agent can exploit the vulnerability to download unverified rollback components and execute arbitrary code.
The company pointed out that the vulnerability could be exploited only by an attacker that had access to authentication data.
Trend Micro did not share details of the attacks exploiting this vulnerability.
