Lucene search

TrendmicroCVELIST:CVE-2024-37289

HistoryJun 10, 2024 - 9:22 p.m.

CVE-2024-37289

2024-06-1021:22:34

trendmicro

www.cve.org

access control

trend micro

apex one

local attacker

privilege escalation

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

16.4%

JSON

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "2019 (14.0)",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "14.0.0.12980"
      }
    ]
  },
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One as a Service",
    "versions": [
      {
        "version": "SaaS\t",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "14.0.13139"
      }
    ]
  }
]

References

success.trendmicro.com/dcx/s/solution/000298063

www.zerodayinitiative.com/advisories/ZDI-24-577/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

16.4%

JSON

Related for CVELIST:CVE-2024-37289