Multiple Trend Micro Products Vulnerabilities

January 7, 2025

Severity

High

Analysis Summary

CVE-2024-55955 CVSS:6.7

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.

CVE-2024-55917 CVSS:7.8

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

CVE-2024-55632 CVSS:7.8

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

CVE-2024-55631 CVSS:7.8

An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

CVE-2024-53647 CVSS:6.5

Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.

CVE-2024-52050 CVSS:7.8

A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

CVE-2024-52049 CVSS:7.8

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048.

CVE-2024-52048 CVSS:7.8

CVE-2024-52047 CVSS:7.5

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.

Impact