CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55631 – Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55631
31 Dec 2024 — An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target syste... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53647
https://notcve.org/view.php?id=CVE-2024-53647
31 Dec 2024 — Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. • https://helpcenter.trendmicro.com/en-us/article/tmka-06710 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52050 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52050
31 Dec 2024 — A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the t... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52049 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52049
31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must fi... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52048 – Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-52048
31 Dec 2024 — A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must fi... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52047 – Trend Micro Apex One widget getWidgetPoolManager Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-52047
31 Dec 2024 — A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the ... • https://success.trendmicro.com/en-US/solution/KA-0016669 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.0EPSS: 6%CPEs: 1EXPL: 0CVE-2024-51503 – Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51503
19 Nov 2024 — A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally a... • https://success.trendmicro.com/en-US/solution/KA-0018154 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45335
https://notcve.org/view.php?id=CVE-2024-45335
22 Oct 2024 — Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. • https://helpcenter.trendmicro.com/en-us/article/tmka-07255 • CWE-1037: Processor Optimization Removal or Modification of Security-critical Code •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45334
https://notcve.org/view.php?id=CVE-2024-45334
22 Oct 2024 — Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. • https://helpcenter.trendmicro.com/en-us/article/TMKA-14461 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48903 – Trend Micro Deep Security Improper Access Control Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-48903
17 Oct 2024 — An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target... • https://success.trendmicro.com/en-US/solution/KA-0017997 • CWE-269: Improper Privilege Management •