cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55917,https://securityvulnerability.io/vulnerability/CVE-2024-55917,Origin Validation Error in Trend Micro Apex One Affecting Local Users,"An origin validation error vulnerability exists in Trend Micro Apex One, permitting local attackers to elevate privileges on compromised systems. To exploit this vulnerability, an attacker must first gain the capacity to execute low-privileged code within the target environment. As such, the risk is contingent on the initial foothold within the system, which could facilitate further malicious activities.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:16:43.723Z,0
CVE-2024-55632,https://securityvulnerability.io/vulnerability/CVE-2024-55632,Privilege Escalation Vulnerability in Trend Micro Apex One,"A vulnerability in Trend Micro Apex One arises from improper validation of security agent links, which could enable a local attacker with low-privileged code execution to escalate their privileges. This flaw opens doors for unauthorized actions that may compromise the targeted system's integrity. To successfully exploit this vulnerability, an attacker needs initial access to the targeted environment, highlighting the importance of securing entry points to maintain overall system safety.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:16:01.207Z,0
CVE-2024-55631,https://securityvulnerability.io/vulnerability/CVE-2024-55631,Local Privilege Escalation Vulnerability in Trend Micro Apex One,"An engine link following vulnerability exists in Trend Micro Apex One, which could enable a local attacker to escalate privileges on installations that are affected. For successful exploitation, the attacker must first gain the capability to execute low-privileged code on the target system, providing a potential pathway for unauthorized access and control.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:15:20.397Z,0
CVE-2024-52050,https://securityvulnerability.io/vulnerability/CVE-2024-52050,Arbitrary File Creation Vulnerability in Trend Micro Apex One,"A vulnerability exists in Trend Micro Apex One allowing local attackers to carry out arbitrary file creation. This exploitation requires prior execution of low-privileged code on the target system, leading to potential privilege escalation, thus threatening the integrity and confidentiality of affected installations. System administrators must be vigilant to safeguard against unauthorized access and ensure that security measures are in place.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:13:49.837Z,0
CVE-2024-52049,https://securityvulnerability.io/vulnerability/CVE-2024-52049,Local Privilege Escalation Vulnerability in Trend Micro Apex One,"A security vulnerability in Trend Micro Apex One related to LogServer links permits a local attacker to escalate privileges on compromised installations. While similar to another identified vulnerability, it presents distinct challenges. Exploitation requires the adversary to have already executed low-privileged code on the target system. This highlights a significant risk, as successful exploitation may allow unauthorized users to gain elevated access and perform potentially harmful actions within the affected system.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:13:12.794Z,0
CVE-2024-52048,https://securityvulnerability.io/vulnerability/CVE-2024-52048,Local Privilege Escalation Vulnerability in Trend Micro Apex One,"A vulnerability in the LogServer linking mechanism of Trend Micro Apex One could allow an attacker with local access to the system to escalate their privileges. This vulnerability requires the attacker to have already established the ability to execute low-privileged code on the target system, thereby raising security concerns for affected installations. While this vulnerability shares similarities with other identified vulnerabilities, it poses unique risks that necessitate immediate attention and remediation.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:11:41.737Z,0
CVE-2024-52047,https://securityvulnerability.io/vulnerability/CVE-2024-52047,Local File Inclusion Vulnerability in Trend Micro Apex One,"A vulnerability present in Trend Micro Apex One enables local file inclusion, allowing a remote attacker to execute arbitrary code on compromised installations. This security flaw necessitates that the attacker has previously gained the capability to run low-privileged code on the affected system, presenting a serious risk. Exploiting this vulnerability could lead to unauthorized access and control over sensitive data, making it imperative for organizations to prioritize patching and mitigation strategies to safeguard their environments.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:09:28.937Z,0
CVE-2024-51503,https://securityvulnerability.io/vulnerability/CVE-2024-51503,Manual Scan Command Injection Vulnerability in Trend Micro Deep Security 20 Agent Could Allow Privilege Escalation and Code Execution,"The vulnerability CVE-2024-51503 is a critical security flaw in the Trend Micro Deep Security 20 Agent, allowing attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain. This vulnerability affects the manual scan feature within Trend Micro Deep Security, specifically on systems running Deep Security 20. The exploitation of this vulnerability requires the attacker to have local access to the system and domain user privileges. Trend Micro has released updated versions of the affected products to mitigate the vulnerability and strongly encourages users to apply these patches immediately. Despite the complexity of exploiting this flaw, Trend Micro advises customers to update to the latest builds of their software to ensure maximum security.",Trend Micro,Trend Micro Deep Security,8,HIGH,0.0004299999854993075,false,,true,false,true,2024-11-20T08:59:45.000Z,,false,false,,2024-11-19T19:15:00.000Z,0
CVE-2024-46902,https://securityvulnerability.io/vulnerability/CVE-2024-46902,Vulnerability in Trend Micro Deep Discovery Inspector Could Allow Sensitive Information Disclosure,"An identified vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above creates a potential for attackers to disclose sensitive information from compromised installations. To exploit this vulnerability, an attacker must first secure administrative user rights on the target system. This pre-requisite highlights the importance of controlling access to high-privilege accounts, as exploitation hinges on obtaining these elevated permissions. Organizations utilizing Trend Micro DDI should prioritize reviewing their security practices and user access controls to mitigate the risks associated with this vulnerability.",Trend Micro,Deep Discovery Inspector,9.1,CRITICAL,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-10-22T19:15:00.000Z,0
CVE-2024-45334,https://securityvulnerability.io/vulnerability/CVE-2024-45334,Unauthorized Access Vulnerability in Trend Micro Antivirus One,"Trend Micro Antivirus One versions 3.10.4 and below are susceptible to an Arbitrary Configuration Update vulnerability. This flaw enables attackers to gain unauthorized access to critical product configurations and functions, potentially compromising system integrity and user security. Proper measures should be taken to review and update the affected products to prevent exploitation.",Trend Micro,Antivirus One,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-22T19:15:00.000Z,0
CVE-2024-36305,https://securityvulnerability.io/vulnerability/CVE-2024-36305,Local Privilege Escalation Vulnerability in Trend Micro Apex One,"A privilege escalation vulnerability exists in Trend Micro Apex One due to a flaw in the security agent link that enables a local attacker to gain elevated privileges. To successfully exploit this vulnerability, an attacker must first execute low-privileged code on the target system. This highlights the importance of maintaining robust cybersecurity practices and ensuring that vulnerable software installations are promptly updated to mitigate potential risks.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-32849,https://securityvulnerability.io/vulnerability/CVE-2024-32849,Privilege Escalation Vulnerability Affects Trend Micro Security 17.x (Consumer),"Trend Micro Security 17.x for Consumer users is susceptible to a Privilege Escalation vulnerability. This vulnerability can be exploited by a local attacker to delete privileged files belonging to Trend Micro, potentially affecting the integrity of the software's functionalities and user data. Timely patching and updates are advised to mitigate any risks associated with this vulnerability.",Trend Micro,Trend Micro Maximum Security (consumer),7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-36302,https://securityvulnerability.io/vulnerability/CVE-2024-36302,Origin Validation Vulnerability in Trend Micro Apex One Could Lead to Privilege Escalation,"The vulnerability in the Trend Micro Apex One security agent relates to inadequate origin validation, which could be leveraged by a local attacker to escalate privileges on impacted installations. To exploit this flaw, an attacker must first gain access to execute low-privileged code on the targeted system, making this issue particularly concerning for environments where users have limited access rights. This vulnerability bears resemblance to CVE-2024-36303 but presents its own unique set of risks.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-37289,https://securityvulnerability.io/vulnerability/CVE-2024-37289,Improper Access Control Vulnerability in Trend Micro Apex One Could Lead to Privilege Escalation,"An improper access control vulnerability has been identified in Trend Micro Apex One, which could potentially enable a local attacker to escalate privileges on affected installations. To exploit this vulnerability, the attacker must first gain the ability to execute low-privileged code on the target system. This flaw exposes systems to additional risks, allowing unauthorized access and control over the affected applications, highlighting the need for immediate attention and remediation measures.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-36303,https://securityvulnerability.io/vulnerability/CVE-2024-36303,Origin Validation Vulnerability in Trend Micro Apex One Could Lead to Privilege Escalation,"An origin validation vulnerability has been identified in the Trend Micro Apex One security agent that could be exploited by a local attacker seeking to escalate privileges on installations of the software. For successful exploitation, the attacker would need to first execute low-privileged code on the target system. This vulnerability poses a risk as it may allow unauthorized access to sensitive system resources, potentially compromising the integrity of the environment. Similar vulnerabilities like CVE-2024-36302 highlight the importance of robust validation mechanisms to mitigate such risks.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-36304,https://securityvulnerability.io/vulnerability/CVE-2024-36304,Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service,"A Time-of-Check Time-of-Use (TOCTOU) vulnerability exists within the Trend Micro Apex One and Apex One as a Service agent. This vulnerability enables a local attacker to escalate privileges, ultimately compromising the security and integrity of the system. Exploiting this vulnerability requires that the attacker first has the capability to execute code with low privileges on the target system. This underscores the importance of maintaining strict access controls and monitoring of local user activities to mitigate potential risks.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-36358,https://securityvulnerability.io/vulnerability/CVE-2024-36358,Low-Privilege Code Execution Vulnerability in Trend Micro Deep Security 20.x Agents Could Lead to Privilege Escalation,"A vulnerability exists in the Trend Micro Deep Security 20.x agents prior to build 20.0.1-3180 that allows local attackers to escalate privileges. This vulnerability stems from a link following weakness, which requires an attacker to first execute low-privileged code on the impacted system. Exploitation of this flaw could enable unauthorized escalation of system privileges, posing significant risks to affected environments.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2024-23940,https://securityvulnerability.io/vulnerability/CVE-2024-23940,Trend Micro uiAirSupport Vulnerable to DLL Hijacking/Proxying,"The DLL hijacking vulnerability in Trend Micro uiAirSupport affects versions 6.0.2092 and earlier, allowing an attacker to exploit the system by impersonating and manipulating a library. This exploitation could lead to unauthorized code execution within the affected product, potentially enabling privilege escalation on the user’s system. Users of Trend Micro Security 2023 should remain vigilant about this security issue and apply relevant updates or patches as they become available to mitigate the associated risks.",Trend Micro,Trend Micro Security (Consumer) uiAirSupport,7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-01-29T18:22:34.819Z,0
CVE-2023-52338,https://securityvulnerability.io/vulnerability/CVE-2023-52338,Link Following Vulnerability in Trend Micro Deep Security and Cloud One Products,"A link following vulnerability exists within Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. This flaw permits a local attacker to escalate privileges on systems where these products are installed. However, to exploit this vulnerability, an adversary must first execute low-privileged code on the targeted system, which creates a preliminary access requirement for successful exploitation. Organizations using these affected products are advised to implement appropriate security measures to mitigate potential risks associated with this vulnerability.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-23T20:43:13.069Z,0
CVE-2023-52337,https://securityvulnerability.io/vulnerability/CVE-2023-52337,Improper Access Control in Trend Micro Deep Security and Cloud One Products,"An improper access control vulnerability exists within Trend Micro's Deep Security 20.0 and Cloud One - Endpoint and Workload Security Agent. This vulnerability permits local attackers to escalate their privileges on systems where the affected products are installed. To exploit this vulnerability, an attacker must first execute low-privileged code on the target machine. This highlights the essential need for robust access control measures to safeguard against unauthorized privilege escalation, reinforcing the importance of secure software development practices.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-23T20:42:58.280Z,0
CVE-2023-52331,https://securityvulnerability.io/vulnerability/CVE-2023-52331,Server-Side Request Forgery Vulnerability in Trend Micro Apex Central,"A post-authenticated server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central, raising concerns about the potential for malicious actors to interact with internal or local services. To exploit this vulnerability, an attacker must possess the capability to execute low-privileged code on the affected system, which may enable them to gain unauthorized access to sensitive internal resources.",Trend Micro,Trend Micro Apex Central,7.1,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-01-23T20:42:46.349Z,0
CVE-2023-52325,https://securityvulnerability.io/vulnerability/CVE-2023-52325,Local File Inclusion Vulnerability in Trend Micro Apex Central,A local file inclusion vulnerability has been identified in a widget of Trend Micro Apex Central. This vulnerability permits remote attackers to execute arbitrary code on installations of the application. It requires the attacker to have valid credentials to the target system and must be combined with another vulnerability for effective exploitation. Proper security measures and patches should be implemented immediately to mitigate risks associated with this vulnerability.,Trend Micro,Trend Micro Apex Central,7.5,HIGH,0.01448999997228384,false,,false,false,false,,,false,false,,2024-01-23T20:41:25.754Z,0
CVE-2023-52324,https://securityvulnerability.io/vulnerability/CVE-2023-52324,Unrestricted File Upload Vulnerability in Trend Micro Apex Central,"An unrestricted file upload vulnerability exists in Trend Micro Apex Central that enables a remote attacker to create arbitrary files on vulnerable installations. While the presence of valid credentials is necessary for exploitation, this vulnerability poses a significant risk as it can be leveraged to upload malicious files. Furthermore, it may be utilized in conjunction with other vulnerabilities to facilitate the execution of arbitrary code, thus compromising the integrity and security of the affected systems.",Trend Micro,Trend Micro Apex Central,8.8,HIGH,0.005319999996572733,false,,false,false,false,,,false,false,,2024-01-23T20:41:10.369Z,0
CVE-2023-52094,https://securityvulnerability.io/vulnerability/CVE-2023-52094,Local Privilege Escalation in Trend Micro Apex One Agent,"A vulnerability exists within the updater mechanism of the Trend Micro Apex One agent, which can be exploited by local attackers. This flaw allows unauthorized users with low-privileged access to manipulate the updater to delete arbitrary folders on compromised installations. Successful exploitation requires the attacker to first gain execution access to low-privileged code on the affected system, potentially leading to a local privilege escalation scenario. remediation actions should be taken to address this vulnerability.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One as a Service",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-23T20:40:30.228Z,0
CVE-2023-52093,https://securityvulnerability.io/vulnerability/CVE-2023-52093,Local Privilege Escalation Vulnerability in Trend Micro Apex One Agent,"The vulnerability in the Trend Micro Apex One agent exposes dangerous functions that can be exploited by local attackers. By leveraging this vulnerability, attackers who have already gained access to execute low-privileged code on the system can escalate their privileges, potentially compromising sensitive data and resources. This issue underscores the importance of maintaining robust security practices and timely updates to mitigate risks associated with such vulnerabilities.",Trend Micro,"Trend Micro Apex One,Trend Micro Apex One As A Service",7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-01-23T20:40:17.347Z,0