Page 4 of 180 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to ex... • https://success.trendmicro.com/en-US/solution/KA-0019344 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw ex... • https://success.trendmicro.com/en-US/solution/KA-0019355 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw ex... • https://success.trendmicro.com/en-US/solution/KA-0019355 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

09 Apr 2025 — A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action. This vulnerability allows remote attackers to disclose sensitive information on affected... • https://success.trendmicro.com/en-US/solution/KA-0019355 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0

25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •