CVE-2022-40139CISA KEVEPSS p85.3%

CVE-2022-40139CVE-2022-40139

trendmicro / apex_one

Description

Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.

Scoring

CVSS 7.2 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS2.93% probability of exploitation · percentile 85.3% · 2026-06-19T12:03:05Z
Last modified2026-06-17

CISA KEV entry

Added to KEV: 2022-09-15

(incoming)1

TypeTargetConfidenceTier
KEVEntryTrend Micro Apex One and Apex One as a Service Improper Validation Vulnerabilitykev-cve-2022-401390%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Trend Micro Multiple Products Improper Input Validation Vulnerability
CVE
Trend Micro Apex One OS Command Injection Vulnerability
CVE
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
CVE
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
CVE
CVE-2025-49155
CVE
CVE-2025-71211
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.