296 matches found
Multiple vulnerabilities in Trend Micro Endpoint security products for enterprises (April 2025)
Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Trend Micro Apex Central 2019 Information Disclosure due to...
LogonUI.exe process hanging after logoff from multi-session VDA
When utilizing multi-session VDA with the Duo Security agent installed, users may close out the applications in an attempt to log off of the VDA but the LogonUI.exe process will hang. This will result in multiple Terminal Services sessions showing active with the same session number, but no user...
The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent allows a hacker to increase their privileges.
The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent is related to an incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Trend Micro Deep Security Agent lies in its improper handling of file access links, which allows attackers to trigger a service failure.
The vulnerability of the Trend Micro Deep Security Agent lies in the improper handling of the link before accessing a file. Exploiting this vulnerability can allow an attacker to trigger a service failure...
CVE-2024-58105
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker mus...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
CVE-2024-48903
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Subsequent user interaction on the...
CVE-2024-55632
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
PT-2024-36567 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. An attacker must first obta...
PT-2024-41129 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent affected versions not specified Description: The issue is related to an incorrect link resolution before accessing a file, which can lead to a denial-of-service condition when exploited. Recommendations: At the...
PT-2024-36618 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent versions 20.0.1-9400 through 20.0.1-23340 Description: An incorrect permissions assignment issue could allow a local attacker to escalate privileges on affected installations. To exploit this issue, an attacker...
Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection
Overview Trend Micro Incorporated has released the security updates for Deep Security Agent for Windows and Deep Security Notifier on DSVA for Windows VM to fix an OS command injection vulnerability CWE-78, CVE-2024-48903. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notif...
PT-2025-25240 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One security agent affected versions not specified Description: An uncontrolled search path issue allows a local attacker to escalate privileges on affected installations, but the attacker must first obtain the ability to...
Trend Micro Apex One Multiple Vulnerabilities (KA-0016669)
According to its self-reported version, the Trend Micro application running on the remote Windows host is Apex One prior to SP1 Server Build 12980 and Agent Build 12980. It is, therefore, affected by multiple vulnerabilities, including the following: - An origin validation vulnerability in the...
The vulnerability of the Trend Micro Deep Security Agent anti-virus protection system in Windows operating systems arises from the failure to take measures to neutralize certain special elements. This vulnerability allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the Trend Micro Deep Security Agent anti-virus protection software for Windows operating systems is related to the lack of measures taken to neutralize its special elements. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitra...
CVE-2024-51503
Summary: CVE-2024-51503 affects Trend Micro Deep Security Agent 20 (manual scan command injection). The vulnerability exists in the agent’s Notifier component and, under certain conditions, allows an attacker with legitimate domain access to escalate privileges and execute arbitrary code on remot...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
Trend Micro Deep Security Agent Local Privilege Escalation (KA-0016724)
A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Note that Nessus has not tested for this issue but has instead relied solely on the application's self-reported version...
CVE-2024-48903
An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...