CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31286
https://notcve.org/view.php?id=CVE-2025-31286
02 Apr 2025 — An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31285
https://notcve.org/view.php?id=CVE-2025-31285
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31284
https://notcve.org/view.php?id=CVE-2025-31284
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31283
https://notcve.org/view.php?id=CVE-2025-31283
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 0EPSS: %CPEs: 1EXPL: 0CVE-2025-31282
https://notcve.org/view.php?id=CVE-2025-31282
02 Apr 2025 — A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0019386 • CWE-269: Improper Privilege Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58105
https://notcve.org/view.php?id=CVE-2024-58105
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-286: Incorrect User Management •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58104
https://notcve.org/view.php?id=CVE-2024-58104
25 Mar 2025 — A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55955 – Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55955
31 Dec 2024 — An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first... • https://success.trendmicro.com/en-US/solution/KA-0018571 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55917 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55917
31 Dec 2024 — An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target sys... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55632 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55632
31 Dec 2024 — A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the targe... • https://success.trendmicro.com/en-US/solution/KA-0018217 • CWE-269: Improper Privilege Management •