cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55955,https://securityvulnerability.io/vulnerability/CVE-2024-55955,Incorrect Permissions Assignment in Trend Micro Deep Security Agents,"The vulnerability in Trend Micro Deep Security 20.0 agents arises from incorrect permissions assignment, affecting versions between 20.0.1-9400 and 20.0.1-23340. This flaw permits local attackers, who have already executed low-privileged code, to escalate their privileges on compromised installations. Remedial actions are essential to ensure that security configurations are correctly set to mitigate potential exploitation risks.",Trend Micro,Trend Micro Deep Security,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-31T16:19:35.471Z,0
CVE-2024-51503,https://securityvulnerability.io/vulnerability/CVE-2024-51503,Manual Scan Command Injection Vulnerability in Trend Micro Deep Security 20 Agent Could Allow Privilege Escalation and Code Execution,"The vulnerability CVE-2024-51503 is a critical security flaw in the Trend Micro Deep Security 20 Agent, allowing attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain. This vulnerability affects the manual scan feature within Trend Micro Deep Security, specifically on systems running Deep Security 20. The exploitation of this vulnerability requires the attacker to have local access to the system and domain user privileges. Trend Micro has released updated versions of the affected products to mitigate the vulnerability and strongly encourages users to apply these patches immediately. Despite the complexity of exploiting this flaw, Trend Micro advises customers to update to the latest builds of their software to ensure maximum security.",Trend Micro,Trend Micro Deep Security,8,HIGH,0.0004299999854993075,false,,true,false,true,2024-11-20T08:59:45.000Z,,false,false,,2024-11-19T19:15:00.000Z,0
CVE-2024-36358,https://securityvulnerability.io/vulnerability/CVE-2024-36358,Low-Privilege Code Execution Vulnerability in Trend Micro Deep Security 20.x Agents Could Lead to Privilege Escalation,"A vulnerability exists in the Trend Micro Deep Security 20.x agents prior to build 20.0.1-3180 that allows local attackers to escalate privileges. This vulnerability stems from a link following weakness, which requires an attacker to first execute low-privileged code on the impacted system. Exploitation of this flaw could enable unauthorized escalation of system privileges, posing significant risks to affected environments.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-10T22:15:00.000Z,0
CVE-2023-52338,https://securityvulnerability.io/vulnerability/CVE-2023-52338,Link Following Vulnerability in Trend Micro Deep Security and Cloud One Products,"A link following vulnerability exists within Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. This flaw permits a local attacker to escalate privileges on systems where these products are installed. However, to exploit this vulnerability, an adversary must first execute low-privileged code on the targeted system, which creates a preliminary access requirement for successful exploitation. Organizations using these affected products are advised to implement appropriate security measures to mitigate potential risks associated with this vulnerability.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-23T20:43:13.069Z,0
CVE-2023-52337,https://securityvulnerability.io/vulnerability/CVE-2023-52337,Improper Access Control in Trend Micro Deep Security and Cloud One Products,"An improper access control vulnerability exists within Trend Micro's Deep Security 20.0 and Cloud One - Endpoint and Workload Security Agent. This vulnerability permits local attackers to escalate their privileges on systems where the affected products are installed. To exploit this vulnerability, an attacker must first execute low-privileged code on the target machine. This highlights the essential need for robust access control measures to safeguard against unauthorized privilege escalation, reinforcing the importance of secure software development practices.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-01-23T20:42:58.280Z,0
CVE-2022-40710,https://securityvulnerability.io/vulnerability/CVE-2022-40710,Privilege Escalation Vulnerability in Trend Micro Deep Security and Cloud One,"A privilege escalation vulnerability exists in Trend Micro's Deep Security 20 and Cloud One - Workload Security Agent for Windows. This issue allows a local attacker, who has already executed low-privileged code on the affected system, to escalate their privileges. By leveraging this vulnerability, an attacker can gain unauthorized access and potentially take control of sensitive resources. It is vital for users to be aware of this risk and ensure that they apply necessary patches and updates to safeguard their environments.",Trend Micro,Trend Micro Deep Security,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-09-28T21:10:25.000Z,0
CVE-2022-40709,https://securityvulnerability.io/vulnerability/CVE-2022-40709,Out-of-Bounds Read Vulnerability in Trend Micro Deep Security for Windows,"An out-of-bounds read vulnerability exists in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows, allowing local attackers to potentially disclose sensitive information from the affected installations. To exploit this vulnerability, an attacker must first have the ability to execute low-privileged code on the target system. This vulnerability, while similar to others identified, has its unique attributes and impacts.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-09-28T21:10:24.000Z,0
CVE-2022-40708,https://securityvulnerability.io/vulnerability/CVE-2022-40708,Out-of-Bounds Read Vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Windows,"An Out-of-bounds read vulnerability exists in Trend Micro's Deep Security 20 and the Cloud One - Workload Security Agent for Windows. This vulnerability could allow a local attacker, who has already gained low-privileged code execution on the target system, to read sensitive data from memory that should not be accessible. The issue highlights the importance of protecting system boundaries to prevent unauthorized data access. For more details, refer to the Trend Micro advisory and Zero Day Initiative reports.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-09-28T21:10:23.000Z,0
CVE-2022-40707,https://securityvulnerability.io/vulnerability/CVE-2022-40707,Out-of-bounds Read Vulnerability in Trend Micro’s Deep Security and Cloud One Product,"An out-of-bounds read vulnerability exists in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows, which may allow a local attacker to disclose sensitive information from affected installations. To exploit this vulnerability, the attacker needs to first gain the ability to execute low-privileged code on the target system. This issue poses information disclosure risks and is akin to other vulnerabilities that may allow similar exploits.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-09-28T21:10:22.000Z,0
CVE-2022-23120,https://securityvulnerability.io/vulnerability/CVE-2022-23120,Code Injection Vulnerability in Trend Micro Deep Security and Cloud One Product,"A code injection vulnerability exists in Trend Micro's Deep Security and Cloud One - Workload Security Agent for Linux, specifically in versions 20 and below. This vulnerability allows an attacker, who has gained access to the target agent while it remains un-activated and unconfigured, to escalate privileges and execute arbitrary code with root privileges. This can lead to significant security risks if not addressed promptly. It is crucial for users to ensure their systems are properly configured and secured.",Trend Micro,Trend Micro Deep Security Agent For Linux,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-01-20T18:11:18.000Z,0
CVE-2022-23119,https://securityvulnerability.io/vulnerability/CVE-2022-23119,Directory Traversal Vulnerability in Trend Micro Deep Security for Linux,"A directory traversal vulnerability exists in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux versions 20 and below. This vulnerability permits unauthorized access to arbitrary files on the server's file system, granted that an attacker has already gained compromised access to the target Deep Security Manager (DSM) or the target agent has not yet been activated or configured. If exploited, this could lead to critical information disclosure and potential system compromise.",Trend Micro,Trend Micro Deep Security Agent For Linux,7.5,HIGH,0.0022799998987466097,false,,false,false,false,,,false,false,,2022-01-20T18:11:17.000Z,0
CVE-2020-8602,https://securityvulnerability.io/vulnerability/CVE-2020-8602,File Integrity Check Bypass in Trend Micro Management Consoles,"An authentication vulnerability has been identified in the management consoles of Trend Micro Deep Security and Vulnerability Protection, allowing an authenticated attacker with full control privileges to bypass crucial file integrity checks. This exploitation could lead to remote code execution, posing a significant risk to the integrity and security of affected systems.",Trend Micro,"Trend Micro Deep Security,Trend Micro Vulnerability Management",7.2,HIGH,0.0026599999982863665,false,,false,false,false,,,false,false,,2020-08-27T20:35:19.000Z,0
CVE-2020-15601,https://securityvulnerability.io/vulnerability/CVE-2020-15601,LDAP Authentication Bypass in Trend Micro Deep Security,"An LDAP authentication bypass vulnerability exists in Trend Micro Deep Security versions 10.x through 12.x, which may allow an unauthenticated attacker—who has prior knowledge of the organization—to bypass manager authentication if LDAP authentication is enabled. To mitigate this risk, implementing multi-factor authentication is recommended. It's important to note that installations using manager native authentication or SAML authentication are unaffected by this vulnerability.",Trend Micro,Trend Micro Deep Security,8.1,HIGH,0.005189999938011169,false,,false,false,false,,,false,false,,2020-08-27T20:35:18.000Z,0
CVE-2020-8607,https://securityvulnerability.io/vulnerability/CVE-2020-8607,Input Validation Vulnerability in Trend Micro Rootkit Protection Driver,"An input validation issue present in various Trend Micro products utilizing a specific version of the rootkit protection driver can potentially be exploited by an attacker with administrative privileges. This flaw allows unauthorized modification of kernel addresses, which may lead to system instability, crashes, or even execution of arbitrary code at the kernel level. The attacker must have already gained administrator access to the affected machine prior to exploitation, emphasizing the need for robust security measures to prevent initial unauthorized access.",Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Deep Security,Trend Micro Worry-free Business Security,Trend Micro Security (consumer Family),Trend Micro Safe Lock,Trend Micro Serverprotect,Trend Micro Portable Security,Trend Micro Housecall,Trend Micro Anti-threat Toolkit (attk),Trend Micro Rootkit Buster",6.7,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2020-08-05T14:05:23.000Z,0
CVE-2019-18191,https://securityvulnerability.io/vulnerability/CVE-2019-18191,Privilege Escalation Vulnerability in Trend Micro Deep Security Service,"A vulnerability exists in the Trend Micro Deep Security as a Service Quick Setup cloud formation template, allowing an authenticated entity with specific unrestricted AWS execution privileges to gain full privileges within the target AWS account. This escalation of privileges poses significant risks, enabling potential unauthorized actions within the AWS environment.",Trend Micro,Trend Micro Deep Security As A Service,8.8,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2019-12-16T21:00:15.000Z,0
CVE-2019-9488,https://securityvulnerability.io/vulnerability/CVE-2019-9488,XML External Entity Attack Vulnerability in Trend Micro Deep Security Manager,"Trend Micro Deep Security Manager is susceptible to an XML External Entity Attack, which could lead to unauthorized data exposure if exploited. Attackers need root or admin access to a protected host recognized by the Deep Security Manager to execute the attack. Mitigation strategies are essential to protect against potential exploitation.",Trend Micro,"Trend Micro Deep Security,Trend Micro Vulnerability Protection",4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2019-09-11T18:00:08.000Z,0