CVE-2024-48904 – Trend Micro Cloud Edge REST API Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2024-48904

17 Oct 2024 — An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Cloud Edge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API, which listens on TCP port 8443 by default. The issue resu... • https://github.com/zetraxz/CVE-2024-48904 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •