Deep Security Agent Security Vulnerabilities and Issues — Deep Security Agent CVE List

TrendmicroDeep Security Agent

15 matches found

CVE•added 2024/12/31 4:19 p.m.•78 views

CVE-2024-55955

Trend Micro Deep Security Agent (20.0.1-9400 to 20.0.1-23340) is affected by an incorrect permissions assignment issue that can allow a local attacker to escalate privileges. The root cause is incorrect permissions set on a product folder created by the installer. An attacker must first run code ...

7.3CVSS7.2AI score0.00087EPSS

CVE•added 2022/01/20 6:11 p.m.•60 views

CVE-2022-23120

CVE-2022-23120 is a code-injection vulnerability in Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux, affecting version 20 and below. The issue allows local privilege escalation to root by exploiting an input/validation weakness when handling directory traversal sequenc...

7.8CVSS7.8AI score0.00525EPSS

CVE•added 2022/09/28 9:10 p.m.•60 views

CVE-2022-40708

The issue tracked as CVE-2022-40708 relates to an Out-of-bounds read in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows. The vulnerability could let a local attacker disclose sensitive information on affected installations, requiring the attacker to first execute ...

3.3CVSS3.7AI score0.00239EPSS

CVE•added 2022/01/20 6:11 p.m.•57 views

CVE-2022-23119

CVE-2022-23119 affects Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux (DS Agent) version 20 and earlier. The vulnerability is a directory traversal flaw in the agent/DSM workflow that could allow an attacker to read arbitrary files from the file system. Exploitation r...

7.5CVSS7.4AI score0.01408EPSS

CVE•added 2024/01/23 8:43 p.m.•56 views

CVE-2023-52338

CVE-2023-52338 affects Trend Micro Deep Security v20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. The vulnerability is a local privilege escalation via a link-following flaw in the Anti-Malware/Deep Security component, requiring the attacker to already run low-privilege cod...

7.8CVSS7.7AI score0.00148EPSS

CVE•added 2024/06/10 9:21 p.m.•54 views

CVE-2024-36358

CVE-2024-36358 affects Trend Micro Deep Security Deep Security Agent. The vulnerability is a local privilege escalation in the agent, exploitable by a user who can execute low-privileged code, by abusing a link following vulnerability to escalate to SYSTEM. Public writeups confirm the flaw lies i...

7.8CVSS7.1AI score0.00096EPSS

CVE•added 2022/09/28 9:10 p.m.•53 views

CVE-2022-40709

CVE-2022-40709, along with related CVEs 40707/40708, describes an Out-of-bounds read in Trend Micro Deep Security 20 and Cloud One – Workload Security Agent for Windows that could allow a local, low-privilege attacker to disclose sensitive information. Affected software is the Trend Micro Deep Se...

3.3CVSS3.7AI score0.00239EPSS

CVE•added 2022/09/28 9:10 p.m.•52 views

CVE-2022-40707

CVE-2022-40707 (and related CVEs 40708/40709) describe an Out-of-bounds read in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows. The Red Hat and NVD entries confirm a local disclosure vulnerability where an attacker who can run low-privilege code on the target can...

3.3CVSS3.7AI score0.00239EPSS

CVE•added 2024/11/19 7:0 p.m.•52 views

CVE-2024-51503

Summary: CVE-2024-51503 affects Trend Micro Deep Security Agent 20 (manual scan command injection). The vulnerability exists in the agent’s Notifier component and, under certain conditions, allows an attacker with legitimate domain access to escalate privileges and execute arbitrary code on remot...

8.8CVSS8.3AI score0.01015EPSS

CVE•added 2024/10/22 6:28 p.m.•47 views

CVE-2024-48903

CVE-2024-48903 affects Trend Micro Deep Security Agent 20. An improper access-control vulnerability could let a local, non-admin attacker escalate to higher privileges after obtaining the ability to execute low-privileged code. Documents consistently describe a local privilege-escalation impact, ...

7.8CVSS7.2AI score0.00091EPSS

CVE•added 2022/09/28 9:10 p.m.•45 views

CVE-2022-40710

Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows are affected by a local privilege escalation vulnerability (CVE-2022-40710). The issue arises from a link-following flaw where a low-privilege attacker who can run code locally can escalate to SYSTEM by abusing a sym...

7.8CVSS7.7AI score0.00172EPSS

CVE•added 2024/01/23 8:42 p.m.•45 views

CVE-2023-52337

CVE-2023-52337 describes an improper access control vulnerability in Trend Micro Deep Security 20.0 and in Trend Micro Cloud One – Endpoint and Workload Security Agent. The flaw arises from insufficient access controls in the Anti-Malware Solution Platform, enabling a local attacker who can execu...

7.8CVSS7.7AI score0.00119EPSS

CVE•added 2025/06/17 8:10 p.m.•19 views

CVE-2025-30640

CVE-2025-30640 is a confirmed local privilege escalation affecting Trend Micro Deep Security 20.0 agents, attributed to a link-following flaw in the Anti-Malware/Deep Security Platform. The root cause involves abusing symbolic links to escalate privileges, with an attacker needing to run low-priv...

7.8CVSS7.7AI score0.00279EPSS

CVE•added 2025/06/17 8:11 p.m.•16 views

CVE-2025-30642

CVE-2025-30642 concerns a local DoS in Trend Micro Deep Security Agent 20.0 caused by a link-following issue in the Damage Cleanup Engine. An attacker who can run code with low privileges on the target can trigger a denial of service by creating a junction that leads to file deletion, according t...

5.5CVSS5.6AI score0.00103EPSS

CVE•added 2025/06/17 8:10 p.m.•15 views

CVE-2025-30641

CVE-2025-30641 is a local privilege-escalation in Trend Micro Deep Security Deep Security Agent’s Anti-Malware component (20.0). The flaw arises from a link-following issue that can be exploited by a local attacker who already has low-privilege code execution to escalate privileges, potentially v...

7.8CVSS7.7AI score0.00154EPSS