Business Success
Trend Micro Automation Center is a central hub for APIs and documentation across Trend Micro products. It offers searchable cross-product APIs and use cases for IT and security teams to automate tasks and improve efficiency.
Learn moreThe Education Portal serves as a comprehensive resource for Trend Micro employees to develop their professional capabilities. Through a variety of curated training modules, employees can deepen their understanding of company culture, product knowledge, processes, and essential soft skills.
Learn moreThe Trend Micro Online Help Center provides customers with comprehensive product information and troubleshooting guidance. It offers general product usage information and in-depth solutions for complex issues.
Learn moreTrend Micro Service Status Portal provides real-time information on the performance of Trend Micro products. It offers up-to-date incident reports and historical data for monitoring system health.
Learn moreTrendConnect is a mobile application that provides users with real-time insights into their Trend Micro security environment, including threat alerts and system health assessments.
Learn moreAs of March 18, 2025, there is an updated process flow to submit MDR-related cases. Please visit this article for details.
Trend Micro endeavors to develop and release products that meet the highest standards of quality and security. However, there are rare occasions where an unintended vulnerability may be discovered due to various reasons, including new types of exploits that may be developed after the release of a product.
We take and investigate every vulnerability report very seriously and we are committed to thoroughly resolving any issues in a timely manner. Trend Micro follows the guidelines of responsible disclosure to ensure its customers address potential vulnerabilities as quickly as possible to mitigate associated risks.
A Security Vulnerability is defined as a weakness or flaw found in a product or related service component(s) that could be exploited. It may allow an attacker to compromise the product's integrity. At the same time, it may undermine the regular behavior of the product even when properly deployed in supported configuration. This includes situations wherein the confidentiality (e.g. source code) of a product or service component(s) may be negatively affected.
Traditional product bugs and malware can also negatively affect the operation of a product. However, for the purpose of this process, these are not included in the definition of a security vulnerability.
Trend Micro highly recommends that security researchers contact the Trend Micro's Product Security Incident Response Team (PSIRT) by sending an email tosecurity@trendmicro.com.
Submitters are encouraged to utilizeTrend Micro’s Product Security PGP key(Key ID: 4569-E470-8C08-EEE9) to encrypt sensitive information sent to this address.
A Trend Micro PSIRT Vulnerability Coordinator will acknowledge the receipt of the submission and then begin the process of collaborating with the submitter and Trend Micro product security engineers on validating, reproducing, and ultimately resolving the potential issue if it is confirmed to be a legitimate security vulnerability.
Trend Micro's goal is to resolve confirmed vulnerabilities as quickly and thoroughly as possible, then efficiently distribute the resolution to affected customers.
Since each vulnerability is unique, the time frames in which they are addressed can vary. Ongoing dialog is highly encouraged to best understand the vulnerability and possible risks.
Responsible security researchers understand that customer security is a priority. This means customers are given ample time to deploy the fixes before any findings are released on a public forum, blog, or social media platform.
It is Trend Micro’s general policy not to recommend or pursue legal action against any responsible security researcher who is engaging in good faith and responsible efforts to test, identify and report potential vulnerabilities in Trend Micro products via our vulnerability response process.
If necessary, Trend Micro will release a security bulletin when a fix or mitigation is publicly available and will work with submitters on coordinated disclosures (if desired).
Security bulletins will typically include CVE assignments if the vulnerability meets the necessary criteria, and Trend Micro is the recognized CVE Numbering Authority (CNA) issuer for CVEs that are attributed to Trend Micro products.
Please note: only emails regarding product vulnerabilities should be sent tosecurity@trendmicro.com. Regular product support, including malware and other threat-related inquiries, should be directed to your region's authorized Trend Micro Technical Support representative.
Title click to sort claims by name | Product version click to sort claims by product version | Updated date click to sort claims by last published date | Published date click to sort claims by first published date |
|---|---|---|---|
| SECURITY UPDATE: Trend Micro Products and curl (CVE-2024-7264) Vulnerability | 2025/04/09 | 2024/09/13 | |
| SECURITY ALERT: OpenSSL 3.x X.509 Email Address Buffer Overflows (CVE-2022-3602, CVE-2022-3786) | Apex One as a Service2019,Deep Security20.0,Trend Vision OneAll,Apex One2019,Deep Discovery Inspector6.2,Interscan Web Security Virtual Appliance6.5,Cloud One - Endpoint and Workload SecurityAll | 2025/04/08 | 2022/10/31 |
| SECURITY ALERT: Apache Log4j "Log4Shell" Remote Code Execution 0-Day Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105) | Cloud One - Network Security5.5.0.10605,Deep Discovery Inspector6.0,Deep Security20.0,Trend Vision OneAll,Cloud One - Application Security1.0,Cloud One - Open Source Security by SnykAll,Worry-Free Business Security StandardAll,Worry-Free Business Security ServicesAll,Cloud One - Endpoint and Workload SecurityAll,TippingPoint Digital VaccineAll,Worry-Free Business Security AdvancedAll | 2025/04/08 | 2021/12/10 |
| SECURITY ALERT: Attack Campaign Utilizing Microsoft Exchange 0-Day (CVE-2022-41040 and CVE-2022-41082) | Apex One as a Service2019,Deep Security20.0,Trend Vision OneAll,Apex One2019,ScanMail for Exchange14.0,Cloud One - Endpoint and Workload SecurityAll | 2025/04/08 | 2022/09/29 |
| SECURITY ALERT: Improper Authorization Vulnerability in Confluence Data Center and Server (CVE-2023-22518) | Cloud One - Network Security5.5.0.10605,Deep Security20.0,Trend Vision OneAll,Cloud One - Network SecurityAll,Cloud One - Endpoint and Workload SecurityAll | 2025/04/08 | 2023/11/09 |
| SECURITY ALERT: MS Office and Windows HTML RCE Vulnerability (CVE-2023-36884) | Trend Vision OneAll | 2025/04/08 | 2023/07/14 |
| INFORMATIONAL BULLETIN (No Customer Action Required): Trend Vision One Broken Access Control and HTML Injection | 2025/04/07 | 2025/04/02 | |
| SECURITY BULLETIN: April 2025 for Apex Central | Apex Central2019,Apex CentralAll | 2025/04/01 | 2025/04/01 |
| SECURITY BULLETIN: Trend Micro Deep Security 20.0 Agent Link Following Vulnerabilities | Deep Security20.0 | 2025/04/01 | 2025/04/01 |
| SECURITY BULLETIN: December 2024 for Trend Micro Apex One | 2025/03/31 | 2024/12/16 |
Trend Micro would like to thank the following security researchers and organizations for working with us to resolve one or more security vulnerabilities in our products and services. The names of individuals or organizations listed below have disclosed one or more security vulnerabilities and have actively worked with Trend Micro engineers to resolve these vulnerabilities.
The names of individuals and organizations appear below with their permission.
We would also like to thank the security researchers and organizations who wished not to be listed.
To report a potential security issue with any of Trend Micro Products, refer to this section:Report a Vulnerability.
Trend Micro's PSIRT is an active member of the following organizations:
| Organization | Role | Website |
|---|---|---|
 | Trend Micro is the primary CVE Numbering Authority (CNA) for issuing CVEs for vulnerabilities in Trend Micro Products. | CVE - CVE Numbering Authorities (mitre.org) |
 | Trend Micro PSIRT is a member of Forum of Incident Response and Security Teams (FIRST). | FIRST Teams |
 | Trend Micro is proud to be one of the initial signatories to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Secure By Design Pledge launched on May 8, 2024, which focuses on seven core areas of technology and product security. | Secure by Design Pledge | CISA |