7 matches found
CVE-2019-15627
The CVE-2019-15627 entry concerns Trend Micro Deep Security Agent versions 10.0, 11.0 and 12.0 on Windows, vulnerable to an arbitrary file delete/overwrite that can impact availability. Local OS access is required, and only Windows agents are affected. The underlying issue is a local file manipul...
CVE-2023-52338
CVE-2023-52338 affects Trend Micro Deep Security v20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. The vulnerability is a local privilege escalation via a link-following flaw in the Anti-Malware/Deep Security component, requiring the attacker to already run low-privilege cod...
CVE-2018-6218
CVE-2018-6218 describes a DLL hijacking issue in Trend Micro’s User-Mode Hooking Module (UMH). The root cause is insecure DLL loading (DLL search order) in Trend Micro products, enabling arbitrary code execution if a malicious DLL is located where the installer/UMH loader loads it. Public documen...
CVE-2021-25252
CVE-2021-25252 concerns a memory exhaustion vulnerability in Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2023-52337
CVE-2023-52337 describes an improper access control vulnerability in Trend Micro Deep Security 20.0 and in Trend Micro Cloud One – Endpoint and Workload Security Agent. The flaw arises from insufficient access controls in the Anti-Malware Solution Platform, enabling a local attacker who can execu...
CVE-2019-15626
CVE-2019-15626 affects Deep Security Manager (versions 10.0, 11.0, 12.0). When configured in a certain way, the initial LDAP communication is transmitted in clear text, resulting in a confidentiality impact (high in CVSS 3.1, per sources). The connected documents do not provide concrete exploit d...
CVE-2020-8607
CVE-2020-8607 affects multiple Trend Micro products that use a specific rootkit protection driver. The vulnerability arises from an input validation flaw that lets a user-mode attacker with administrator privileges abuse the driver to modify a kernel address, which can crash the system or potentially ena...