Search criteria

45 vulnerabilities found for deep_security_agent by trendmicro

FKIE_CVE-2025-30641

Vulnerability from fkie_nvd - Published: 2025-06-17 21:15 - Updated: 2025-09-09 14:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0019344Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-25-240/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent *
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C37012B3-DEB8-43B7-8CA5-61475F4E64AB",
              "versionEndExcluding": "20.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E2DDCEDE-AAC9-4775-8496-EB586064EFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8B17AA4C-739B-41B3-BD59-447291FE6C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update23340:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E982255D-BD66-46EE-9B28-0C5720FA27BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E28C9F7F-F7F4-4199-933B-4AE42F773F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "24BFA08E-F1AA-45A0-A8E4-D8D073BADDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "05D1A109-AED2-41B2-A1E5-FBE77CE99949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad que sigue un enlace en la soluci\u00f3n antimalware de los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante debe primero ejecutar c\u00f3digo con pocos privilegios en el sistema objetivo."
    }
  ],
  "id": "CVE-2025-30641",
  "lastModified": "2025-09-09T14:45:46.797",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-17T21:15:37.717",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-240/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-30640

Vulnerability from fkie_nvd - Published: 2025-06-17 21:15 - Updated: 2025-09-09 14:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0019344Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-25-239/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent *
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C37012B3-DEB8-43B7-8CA5-61475F4E64AB",
              "versionEndExcluding": "20.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E2DDCEDE-AAC9-4775-8496-EB586064EFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8B17AA4C-739B-41B3-BD59-447291FE6C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update23340:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E982255D-BD66-46EE-9B28-0C5720FA27BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E28C9F7F-F7F4-4199-933B-4AE42F773F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "24BFA08E-F1AA-45A0-A8E4-D8D073BADDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "05D1A109-AED2-41B2-A1E5-FBE77CE99949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad que sigue un enlace en los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante primero debe poder ejecutar c\u00f3digo con pocos privilegios en el sistema objetivo."
    }
  ],
  "id": "CVE-2025-30640",
  "lastModified": "2025-09-09T14:45:43.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-17T21:15:37.603",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-239/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2025-30642

Vulnerability from fkie_nvd - Published: 2025-06-17 21:15 - Updated: 2025-09-09 14:45
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0019344Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-25-241/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent *
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C37012B3-DEB8-43B7-8CA5-61475F4E64AB",
              "versionEndExcluding": "20.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E2DDCEDE-AAC9-4775-8496-EB586064EFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8B17AA4C-739B-41B3-BD59-447291FE6C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update23340:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E982255D-BD66-46EE-9B28-0C5720FA27BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E28C9F7F-F7F4-4199-933B-4AE42F773F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "24BFA08E-F1AA-45A0-A8E4-D8D073BADDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "05D1A109-AED2-41B2-A1E5-FBE77CE99949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad que sigue un enlace en los agentes de Trend Micro Deep Security 20.0 podr\u00eda permitir a un atacante local crear una situaci\u00f3n de denegaci\u00f3n de servicio (DoS) en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante primero debe poder ejecutar c\u00f3digo con privilegios bajos en el sistema objetivo."
    }
  ],
  "id": "CVE-2025-30642",
  "lastModified": "2025-09-09T14:45:49.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-17T21:15:37.840",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-241/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-55955

Vulnerability from fkie_nvd - Published: 2024-12-31 17:15 - Updated: 2025-09-09 14:45
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0018571Vendor Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8B17AA4C-739B-41B3-BD59-447291FE6C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de asignaci\u00f3n incorrecta de permisos en los agentes de Trend Micro Deep Security 20.0 entre las versiones 20.0.1-9400 y 20.0.1-23340 podr\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino.\n"
    }
  ],
  "id": "CVE-2024-55955",
  "lastModified": "2025-09-09T14:45:36.713",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-31T17:15:09.270",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0018571"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-51503

Vulnerability from fkie_nvd - Published: 2024-11-19 19:15 - Updated: 2025-09-04 23:45
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0018154Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-24-1516/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2395:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C1630066-82A7-45B6-8C9B-5E33544057E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5761:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA857632-5129-484C-9180-DC3B1A7A99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "46511E37-DEEC-4097-B63D-9E525D71569B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8438:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "1CDA7299-C070-405E-BE53-1B235D6C5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:*:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "7B440DCA-7A22-407A-AF5F-C7AF14546160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C05839B1-B2FE-4AAA-9E62-DC913FA703ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D807E63A-41D5-4D70-8754-D7BA24A3872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D4C9B954-64D3-4C1C-8CAF-B12A3D25C842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "62C967EC-7A1D-4AD1-B09F-B99B3A7D11CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update3180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E28C9F7F-F7F4-4199-933B-4AE42F773F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update4540:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "24BFA08E-F1AA-45A0-A8E4-D8D073BADDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update7380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "05D1A109-AED2-41B2-A1E5-FBE77CE99949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CE53A47-01E2-4BB5-9411-80FE4C137F77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de escaneo manual del agente de seguridad en Trend Micro Deep Security 20 Agent podr\u00eda permitir que un atacante aumente los privilegios y ejecute c\u00f3digo arbitrario en una m\u00e1quina afectada. En determinadas circunstancias, los atacantes que tienen acceso leg\u00edtimo al dominio pueden inyectar comandos de forma remota en otras m\u00e1quinas del mismo dominio. Tenga en cuenta que un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para explotar esta vulnerabilidad de forma local y debe tener privilegios de usuario de dominio para afectar a otras m\u00e1quinas."
    }
  ],
  "id": "CVE-2024-51503",
  "lastModified": "2025-09-04T23:45:42.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-11-19T19:15:08.470",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-48903

Vulnerability from fkie_nvd - Published: 2024-10-22 19:15 - Updated: 2025-07-31 16:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/en-US/solution/KA-0017997Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-24-1419/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent *
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:update17380:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "5C6B6887-472A-4732-A462-7B70262CB06C",
              "versionEndExcluding": "20.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security Agent 20 podr\u00eda permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino."
    }
  ],
  "id": "CVE-2024-48903",
  "lastModified": "2025-07-31T16:07:18.630",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-22T19:15:06.590",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-36358

Vulnerability from fkie_nvd - Published: 2024-06-10 22:15 - Updated: 2025-10-23 12:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/dcx/s/solution/000298151Broken Link
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-24-575/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/dcx/s/solution/000298151Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-24-575/Third Party Advisory
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0.1
linux linux_kernel -
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0.1
trendmicro deep_security_agent 20.0.1
microsoft windows -
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0.1
opengroup unix -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1194:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4BE1D2F8-3F0E-4E43-AB20-BB9F280B27EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1304:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "5C1275B0-D75C-4EBD-8009-F171C0F53D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2395:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C1630066-82A7-45B6-8C9B-5E33544057E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2971:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "302E31AA-AF51-4869-BA2F-832299A5C648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3770:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3BBF5ADC-D0D4-4BF4-989F-84EAF7573855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5761:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA857632-5129-484C-9180-DC3B1A7A99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5953:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "7504575F-3A63-4299-B355-682F495BD769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6658:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "78CC9093-3CB7-486A-AF1A-189EA52BBF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6912:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "166C9EC4-3A3A-437E-9B71-E8A95808454D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8438:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "1CDA7299-C070-405E-BE53-1B235D6C5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8453:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "7FC6D105-41D4-41BF-BD43-0EA1C69EC47D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8438:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "1CDA7299-C070-405E-BE53-1B235D6C5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update700:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "26E9FE45-48C7-4745-BD8D-F72907AAC469",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1194:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4BE1D2F8-3F0E-4E43-AB20-BB9F280B27EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1304:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "5C1275B0-D75C-4EBD-8009-F171C0F53D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2395:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C1630066-82A7-45B6-8C9B-5E33544057E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3770:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3BBF5ADC-D0D4-4BF4-989F-84EAF7573855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5761:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA857632-5129-484C-9180-DC3B1A7A99E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5953:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "7504575F-3A63-4299-B355-682F495BD769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6658:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "78CC9093-3CB7-486A-AF1A-189EA52BBF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6912:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "166C9EC4-3A3A-437E-9B71-E8A95808454D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8438:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "1CDA7299-C070-405E-BE53-1B235D6C5CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF6B83AD-8517-4952-890B-4CF725407131",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Un enlace que sigue a una vulnerabilidad en los agentes Trend Micro Deep Security 20.x por debajo de la compilaci\u00f3n 20.0.1-3180 podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2024-36358",
  "lastModified": "2025-10-23T12:26:12.277",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@trendmicro.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-10T22:15:11.230",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1106"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-52337

Vulnerability from fkie_nvd - Published: 2024-01-23 21:15 - Updated: 2025-06-20 19:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/dcx/s/solution/000296337?language=en_USVendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-24-075/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/dcx/s/solution/000296337?language=en_USVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-24-075/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
trendmicro deep_security 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "687BDC97-044F-4FE1-9A40-53603AFEA35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-52337",
  "lastModified": "2025-06-20T19:15:28.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-23T21:15:09.677",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-52338

Vulnerability from fkie_nvd - Published: 2024-01-23 21:15 - Updated: 2024-11-21 08:39
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/dcx/s/solution/000296337?language=en_USVendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-24-076/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/dcx/s/solution/000296337?language=en_USVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-24-076/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
trendmicro deep_security 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "687BDC97-044F-4FE1-9A40-53603AFEA35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de link following en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-52338",
  "lastModified": "2024-11-21T08:39:35.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-01-23T21:15:09.717",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-40709

Vulnerability from fkie_nvd - Published: 2022-09-28 21:15 - Updated: 2024-11-21 07:21
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.
References
security@trendmicro.comhttps://success.trendmicro.com/solution/000291590Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-1299/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/solution/000291590Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-1299/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de lectura fuera de l\u00edmites en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local divulgar informaci\u00f3n confidencial en las instalaciones afectadas. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar estas vulnerabilidades. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a las CVE-2022-40707 y 40708"
    }
  ],
  "id": "CVE-2022-40709",
  "lastModified": "2024-11-21T07:21:54.283",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-28T21:15:15.190",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-40708

Vulnerability from fkie_nvd - Published: 2022-09-28 21:15 - Updated: 2025-05-20 21:15
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.
References
security@trendmicro.comhttps://success.trendmicro.com/solution/000291590Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-1298/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/solution/000291590Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-1298/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de lectura fuera de l\u00edmites en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local divulgar informaci\u00f3n confidencial en las instalaciones afectadas. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar estas vulnerabilidades. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a la CVE-2022-40707"
    }
  ],
  "id": "CVE-2022-40708",
  "lastModified": "2025-05-20T21:15:22.640",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-28T21:15:15.137",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-40710

Vulnerability from fkie_nvd - Published: 2022-09-28 21:15 - Updated: 2024-11-21 07:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
security@trendmicro.comhttps://success.trendmicro.com/solution/000291590Vendor Advisory
security@trendmicro.comhttps://www.zerodayinitiative.com/advisories/ZDI-22-1296/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://success.trendmicro.com/solution/000291590Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-22-1296/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
trendmicro deep_security_agent 20.0
microsoft windows -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2022-40710",
  "lastModified": "2024-11-21T07:21:54.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-28T21:15:15.243",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-30642 (GCVE-0-2025-30642)

Vulnerability from cvelistv5 – Published: 2025-06-17 20:11 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:19:47.867850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:28.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:11:03.855Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-241/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30642",
    "datePublished": "2025-06-17T20:11:03.855Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:28.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30641 (GCVE-0-2025-30641)

Vulnerability from cvelistv5 – Published: 2025-06-17 20:10 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:44:40.048042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:33.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:10:54.478Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-240/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30641",
    "datePublished": "2025-06-17T20:10:54.478Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:33.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30640 (GCVE-0-2025-30640)

Vulnerability from cvelistv5 – Published: 2025-06-17 20:10 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:44:42.494000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:39.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:10:21.752Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-239/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30640",
    "datePublished": "2025-06-17T20:10:21.752Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:39.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55955 (GCVE-0-2024-55955)

Vulnerability from cvelistv5 – Published: 2024-12-31 16:19 – Updated: 2025-03-05 04:55
VLAI?
Summary
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-23340 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0:update10940:*:*:long_term_support:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T04:55:27.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update10940:*:*:long_term_support:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-23340",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T16:19:35.471Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0018571"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-55955",
    "datePublished": "2024-12-31T16:19:35.471Z",
    "dateReserved": "2024-12-13T18:38:39.678Z",
    "dateUpdated": "2025-03-05T04:55:27.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51503 (GCVE-0-2024-51503)

Vulnerability from cvelistv5 – Published: 2024-11-19 19:00 – Updated: 2024-11-21 04:55
VLAI?
Summary
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
Severity ?
8 (High)
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-21510 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51503",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T04:55:15.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-21510",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: OS Command Injection",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T19:00:51.467Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-51503",
    "datePublished": "2024-11-19T19:00:51.467Z",
    "dateReserved": "2024-10-28T17:36:11.711Z",
    "dateUpdated": "2024-11-21T04:55:15.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48903 (GCVE-0-2024-48903)

Vulnerability from cvelistv5 – Published: 2024-10-22 18:28 – Updated: 2025-03-13 13:22
VLAI?
Summary
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20 , < 20.0.1-17380 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trend_micro_inc:deep_security_agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trend_micro_inc",
            "versions": [
              {
                "lessThan": "20.0.1-17380",
                "status": "affected",
                "version": "20",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T19:11:41.658314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:22:14.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-17380",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-22T18:28:49.537Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-48903",
    "datePublished": "2024-10-22T18:28:49.537Z",
    "dateReserved": "2024-10-09T19:03:26.733Z",
    "dateUpdated": "2025-03-13T13:22:14.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36358 (GCVE-0-2024-36358)

Vulnerability from cvelistv5 – Published: 2024-06-10 21:21 – Updated: 2025-03-13 13:55
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-1106 - Insufficient Use of Symbolic Constants
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20 , < 20.0.1-3180 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trendmicro",
            "versions": [
              {
                "lessThan": "20.0.1-3180",
                "status": "affected",
                "version": "20.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36358",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T14:20:25.304200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1106",
                "description": "CWE-1106 Insufficient Use of Symbolic Constants",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:55:36.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-3180",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T21:21:48.082Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-36358",
    "datePublished": "2024-06-10T21:21:48.082Z",
    "dateReserved": "2024-05-23T20:03:45.563Z",
    "dateUpdated": "2025-03-13T13:55:36.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52338 (GCVE-0-2023-52338)

Vulnerability from cvelistv5 – Published: 2024-01-23 20:43 – Updated: 2024-08-02 22:55
VLAI?
Summary
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20.0 , < 20.0.0-8438 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trendmicro",
            "versions": [
              {
                "lessThan": "20.0.0-8438",
                "status": "affected",
                "version": "20.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T19:14:09.238652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-59",
                "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:25:59.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.0-8438",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T20:43:13.069Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2023-52338",
    "datePublished": "2024-01-23T20:43:13.069Z",
    "dateReserved": "2024-01-12T00:09:12.342Z",
    "dateUpdated": "2024-08-02T22:55:41.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52337 (GCVE-0-2023-52337)

Vulnerability from cvelistv5 – Published: 2024-01-23 20:42 – Updated: 2025-06-20 19:00
VLAI?
Summary
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20.0 , < 20.0.0-8438 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T04:00:42.578340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T19:00:09.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.0-8438",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T20:42:58.280Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2023-52337",
    "datePublished": "2024-01-23T20:42:58.280Z",
    "dateReserved": "2024-01-12T00:09:12.342Z",
    "dateUpdated": "2025-06-20T19:00:09.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30642 (GCVE-0-2025-30642)

Vulnerability from nvd – Published: 2025-06-17 20:11 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:19:47.867850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:28.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:11:03.855Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-241/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30642",
    "datePublished": "2025-06-17T20:11:03.855Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:28.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30641 (GCVE-0-2025-30641)

Vulnerability from nvd – Published: 2025-06-17 20:10 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:44:40.048042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:33.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:10:54.478Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-240/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30641",
    "datePublished": "2025-06-17T20:10:54.478Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:33.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30640 (GCVE-0-2025-30640)

Vulnerability from nvd – Published: 2025-06-17 20:10 – Updated: 2025-06-20 13:12
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-25770 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:44:42.494000Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T13:12:39.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0.1-25770:long_term_support:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-25770",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:10:21.752Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019344"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-239/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-30640",
    "datePublished": "2025-06-17T20:10:21.752Z",
    "dateReserved": "2025-03-24T18:39:10.814Z",
    "dateUpdated": "2025-06-20T13:12:39.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-55955 (GCVE-0-2024-55955)

Vulnerability from nvd – Published: 2024-12-31 16:19 – Updated: 2025-03-05 04:55
VLAI?
Summary
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
6.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-23340 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0:update10940:*:*:long_term_support:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-55955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T04:55:27.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update10940:*:*:long_term_support:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-23340",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427: Uncontrolled Search Path Element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T16:19:35.471Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0018571"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-55955",
    "datePublished": "2024-12-31T16:19:35.471Z",
    "dateReserved": "2024-12-13T18:38:39.678Z",
    "dateUpdated": "2025-03-05T04:55:27.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51503 (GCVE-0-2024-51503)

Vulnerability from nvd – Published: 2024-11-19 19:00 – Updated: 2024-11-21 04:55
VLAI?
Summary
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
Severity ?
8 (High)
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Affected: 20 , < 20.0.1-21510 (semver)
    cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-51503",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T04:55:15.526Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*"
          ],
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-21510",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine.  In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: OS Command Injection",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T19:00:51.467Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0018154"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1516/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-51503",
    "datePublished": "2024-11-19T19:00:51.467Z",
    "dateReserved": "2024-10-28T17:36:11.711Z",
    "dateUpdated": "2024-11-21T04:55:15.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48903 (GCVE-0-2024-48903)

Vulnerability from nvd – Published: 2024-10-22 18:28 – Updated: 2025-03-13 13:22
VLAI?
Summary
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20 , < 20.0.1-17380 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trend_micro_inc:deep_security_agent:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trend_micro_inc",
            "versions": [
              {
                "lessThan": "20.0.1-17380",
                "status": "affected",
                "version": "20",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T19:11:41.658314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:22:14.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-17380",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-22T18:28:49.537Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0017997"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1419/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-48903",
    "datePublished": "2024-10-22T18:28:49.537Z",
    "dateReserved": "2024-10-09T19:03:26.733Z",
    "dateUpdated": "2025-03-13T13:22:14.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36358 (GCVE-0-2024-36358)

Vulnerability from nvd – Published: 2024-06-10 21:21 – Updated: 2025-03-13 13:55
VLAI?
Summary
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-1106 - Insufficient Use of Symbolic Constants
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20 , < 20.0.1-3180 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trendmicro",
            "versions": [
              {
                "lessThan": "20.0.1-3180",
                "status": "affected",
                "version": "20.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36358",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T14:20:25.304200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1106",
                "description": "CWE-1106 Insufficient Use of Symbolic Constants",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T13:55:36.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.1-3180",
              "status": "affected",
              "version": "20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T21:21:48.082Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000298151"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-575/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2024-36358",
    "datePublished": "2024-06-10T21:21:48.082Z",
    "dateReserved": "2024-05-23T20:03:45.563Z",
    "dateUpdated": "2025-03-13T13:55:36.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52338 (GCVE-0-2023-52338)

Vulnerability from nvd – Published: 2024-01-23 20:43 – Updated: 2024-08-02 22:55
VLAI?
Summary
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20.0 , < 20.0.0-8438 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "deep_security_agent",
            "vendor": "trendmicro",
            "versions": [
              {
                "lessThan": "20.0.0-8438",
                "status": "affected",
                "version": "20.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T19:14:09.238652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-59",
                "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T19:25:59.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.0-8438",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T20:43:13.069Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2023-52338",
    "datePublished": "2024-01-23T20:43:13.069Z",
    "dateReserved": "2024-01-12T00:09:12.342Z",
    "dateUpdated": "2024-08-02T22:55:41.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52337 (GCVE-0-2023-52337)

Vulnerability from nvd – Published: 2024-01-23 20:42 – Updated: 2025-06-20 19:00
VLAI?
Summary
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Deep Security Agent Affected: 20.0 , < 20.0.0-8438 (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T04:00:42.578340Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T19:00:09.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "20.0.0-8438",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T20:42:58.280Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2023-52337",
    "datePublished": "2024-01-23T20:42:58.280Z",
    "dateReserved": "2024-01-12T00:09:12.342Z",
    "dateUpdated": "2025-06-20T19:00:09.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}