cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-55955,https://securityvulnerability.io/vulnerability/CVE-2024-55955,Incorrect Permissions Assignment in Trend Micro Deep Security Agents,"The vulnerability in Trend Micro Deep Security 20.0 agents arises from incorrect permissions assignment, affecting versions between 20.0.1-9400 and 20.0.1-23340. This flaw permits local attackers, who have already executed low-privileged code, to escalate their privileges on compromised installations. Remedial actions are essential to ensure that security configurations are correctly set to mitigate potential exploitation risks.",Trend Micro,Trend Micro Deep Security,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2024-12-31T16:19:35.471Z,0
CVE-2024-51503,https://securityvulnerability.io/vulnerability/CVE-2024-51503,Manual Scan Command Injection Vulnerability in Trend Micro Deep Security 20 Agent Could Allow Privilege Escalation and Code Execution,"The vulnerability CVE-2024-51503 is a critical security flaw in the Trend Micro Deep Security 20 Agent, allowing attackers to execute arbitrary code on affected machines, potentially leading to privilege escalation across the domain. This vulnerability affects the manual scan feature within Trend Micro Deep Security, specifically on systems running Deep Security 20. The exploitation of this vulnerability requires the attacker to have local access to the system and domain user privileges. Trend Micro has released updated versions of the affected products to mitigate the vulnerability and strongly encourages users to apply these patches immediately. Despite the complexity of exploiting this flaw, Trend Micro advises customers to update to the latest builds of their software to ensure maximum security.",Trend Micro,Trend Micro Deep Security,8,HIGH,0.0004299999854993075,false,true,false,true,,false,false,2024-11-19T19:15:00.000Z,0
CVE-2024-36358,https://securityvulnerability.io/vulnerability/CVE-2024-36358,Low-Privilege Code Execution Vulnerability in Trend Micro Deep Security 20.x Agents Could Lead to Privilege Escalation,"A vulnerability exists in the Trend Micro Deep Security 20.x agents prior to build 20.0.1-3180 that allows local attackers to escalate privileges. This vulnerability stems from a link following weakness, which requires an attacker to first execute low-privileged code on the impacted system. Exploitation of this flaw could enable unauthorized escalation of system privileges, posing significant risks to affected environments.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-06-10T22:15:00.000Z,0
CVE-2023-52338,https://securityvulnerability.io/vulnerability/CVE-2023-52338,Link Following Vulnerability in Trend Micro Deep Security and Cloud One Products,"A link following vulnerability exists within Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. This flaw permits a local attacker to escalate privileges on systems where these products are installed. However, to exploit this vulnerability, an adversary must first execute low-privileged code on the targeted system, which creates a preliminary access requirement for successful exploitation. Organizations using these affected products are advised to implement appropriate security measures to mitigate potential risks associated with this vulnerability.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-01-23T20:43:13.069Z,0
CVE-2023-52337,https://securityvulnerability.io/vulnerability/CVE-2023-52337,Improper Access Control in Trend Micro Deep Security and Cloud One Products,"An improper access control vulnerability exists within Trend Micro's Deep Security 20.0 and Cloud One - Endpoint and Workload Security Agent. This vulnerability permits local attackers to escalate their privileges on systems where the affected products are installed. To exploit this vulnerability, an attacker must first execute low-privileged code on the target machine. This highlights the essential need for robust access control measures to safeguard against unauthorized privilege escalation, reinforcing the importance of secure software development practices.",Trend Micro,Trend Micro Deep Security Agent,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-01-23T20:42:58.280Z,0
CVE-2022-40710,https://securityvulnerability.io/vulnerability/CVE-2022-40710,,A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.,Trend Micro,Trend Micro Deep Security,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-09-28T21:10:25.000Z,0
CVE-2022-40709,https://securityvulnerability.io/vulnerability/CVE-2022-40709,,"An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2022-09-28T21:10:24.000Z,0
CVE-2022-40708,https://securityvulnerability.io/vulnerability/CVE-2022-40708,,"An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2022-09-28T21:10:23.000Z,0
CVE-2022-40707,https://securityvulnerability.io/vulnerability/CVE-2022-40707,,"An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.",Trend Micro,Trend Micro Deep Security,3.3,LOW,0.00044999999227002263,false,false,false,false,,false,false,2022-09-28T21:10:22.000Z,0
CVE-2022-23120,https://securityvulnerability.io/vulnerability/CVE-2022-23120,,A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.,Trend Micro,Trend Micro Deep Security Agent For Linux,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-01-20T18:11:18.000Z,0
CVE-2022-23119,https://securityvulnerability.io/vulnerability/CVE-2022-23119,,A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.,Trend Micro,Trend Micro Deep Security Agent For Linux,7.5,HIGH,0.0022799998987466097,false,false,false,false,,false,false,2022-01-20T18:11:17.000Z,0
CVE-2020-8602,https://securityvulnerability.io/vulnerability/CVE-2020-8602,,"A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.",Trend Micro,"Trend Micro Deep Security,Trend Micro Vulnerability Management",7.2,HIGH,0.0026599999982863665,false,false,false,false,,false,false,2020-08-27T20:35:19.000Z,0
CVE-2020-15601,https://securityvulnerability.io/vulnerability/CVE-2020-15601,,"If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.",Trend Micro,Trend Micro Deep Security,8.1,HIGH,0.005189999938011169,false,false,false,false,,false,false,2020-08-27T20:35:18.000Z,0
CVE-2020-8607,https://securityvulnerability.io/vulnerability/CVE-2020-8607,,An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.,Trend Micro,"Trend Micro Apex One,Trend Micro Officescan,Trend Micro Deep Security,Trend Micro Worry-free Business Security,Trend Micro Security (consumer Family),Trend Micro Safe Lock,Trend Micro Serverprotect,Trend Micro Portable Security,Trend Micro Housecall,Trend Micro Anti-threat Toolkit (attk),Trend Micro Rootkit Buster",6.7,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2020-08-05T14:05:23.000Z,0
CVE-2019-18191,https://securityvulnerability.io/vulnerability/CVE-2019-18191,,A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.,Trend Micro,Trend Micro Deep Security As A Service,8.8,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2019-12-16T21:00:15.000Z,0
CVE-2019-9488,https://securityvulnerability.io/vulnerability/CVE-2019-9488,,"Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).",Trend Micro,"Trend Micro Deep Security,Trend Micro Vulnerability Protection",4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2019-09-11T18:00:08.000Z,0