NVD disclosure day

Published threat advisories for September 19, 2022

CVE-2022-40139

Trend Micro Apex One Vulnerability Allows Code Execution.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

Trend Micro Apex One and Apex One as a Service clients have a rollback validation flaw. An administrator with console access could direct clients to download unverified packages, potentially leading to remote code execution. This poses a risk of client system compromise.

NVD published: September 19, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-35914

GLPI Allows PHP Code Injection

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in a GLPI module allows for PHP code injection. This could enable unauthorized access to systems and data, posing a business risk. Organizations should review their GLPI instances for potential impact.

NVD published: September 19, 2022 • CISA KEV