Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-24679 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-24680 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-25331 Unspecified vulnerability in Trendmicro products
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process.
network
low complexity
trendmicro
7.5
2022-02-04 CVE-2022-23805 Out-of-bounds Read vulnerability in Trendmicro Worry-Free Business Security 10.0
A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server.
local
low complexity
trendmicro CWE-125
7.1
2022-01-20 CVE-2022-23119 Path Traversal vulnerability in Trendmicro Deep Security Agent 20.0
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system.
network
low complexity
trendmicro CWE-22
7.5
2022-01-20 CVE-2022-23120 Code Injection vulnerability in Trendmicro Deep Security Agent 20.0
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root.
local
low complexity
trendmicro CWE-94
7.8
2022-01-10 CVE-2021-44024 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
7.1
2022-01-10 CVE-2021-45231 Link Following vulnerability in Trendmicro products
A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.
local
low complexity
trendmicro CWE-59
7.8
2022-01-10 CVE-2021-45440 Improper Privilege Management vulnerability in Trendmicro products
A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-269
7.8
2022-01-10 CVE-2021-45441 Origin Validation Error vulnerability in Trendmicro products
A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.
local
low complexity
trendmicro CWE-346
7.8