July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Johnson Controls iSTAR Pro and ICU Vulnerability
June 7, 2024Multiple Apache Products Vulnerabilities
June 7, 2024ICS: Johnson Controls iSTAR Pro and ICU Vulnerability
June 7, 2024Multiple Apache Products Vulnerabilities
June 7, 2024
Severity
High
Analysis Summary
CVE-2024-37289 CVSS:7.8
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apex One Security Agent. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2024-36303 CVSS:7.8
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apex One NT RealTime Scan service. By sending specially crafted commands, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
CVE-2024-36302 CVSS:7.8
Trend Micro Apex One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apex One NT Listener service. By sending specially crafted commands, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-37289
- CVE-2024-36303
- CVE-2024-36302
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade or suggested workaround information.