Vulnerabilities > Trendmicro > Deep Security

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-52337 Unspecified vulnerability in Trendmicro Deep Security and Deep Security Agent
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro
7.8
2024-01-23 CVE-2023-52338 Link Following vulnerability in Trendmicro Deep Security and Deep Security Agent
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2021-03-03 CVE-2021-25252 Resource Exhaustion vulnerability in Trendmicro products
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
local
low complexity
trendmicro CWE-400
5.5
2020-08-05 CVE-2020-8607 Improper Input Validation vulnerability in Trendmicro products
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode.
local
low complexity
trendmicro CWE-20
6.7
2019-10-17 CVE-2019-15627 Link Following vulnerability in Trendmicro Deep Security 10.0/11.0/12.0
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact.
local
low complexity
trendmicro CWE-59
7.1
2019-10-17 CVE-2019-15626 Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Deep Security 10.0/11.0/12.0
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text.
network
low complexity
trendmicro CWE-319
7.5
2018-02-16 CVE-2018-6218 Untrusted Search Path vulnerability in Trendmicro products
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
local
high complexity
trendmicro CWE-426
7.0