Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-52337 Unspecified vulnerability in Trendmicro Deep Security and Deep Security Agent
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro
7.8
2024-01-23 CVE-2023-52338 Link Following vulnerability in Trendmicro Deep Security and Deep Security Agent
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2023-09-19 CVE-2023-41179 Code Injection vulnerability in Trendmicro products
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-94
7.2
2023-06-26 CVE-2023-28929 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
local
low complexity
trendmicro CWE-427
7.8
2023-06-26 CVE-2023-30902 Unspecified vulnerability in Trendmicro Apex ONE
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
local
low complexity
trendmicro
5.5
2023-06-26 CVE-2023-32521 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
network
low complexity
trendmicro CWE-22
critical
9.1
2023-06-26 CVE-2023-32522 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-22
8.1
2023-06-26 CVE-2023-32523 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32524 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32525 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
network
low complexity
trendmicro
6.5