CVE-2024-52050

EPSS 0.05%
Veröffentlicht 31.12.2024 16:15:26
Zuletzt bearbeitet 31.12.2024 16:15:26
Quelle security@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerTrend Micro, Inc.

≫

Produkt Trend Micro Apex One

Version < 14.0.0.13140

Version 2019 (14.0)

Status affected

HerstellerTrend Micro, Inc.

≫

Produkt Trend Micro Apex One as a Service

Version < 14.0.14203

Version SaaS

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.145

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@trendmicro.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://success.trendmicro.com/en-US/solution/KA-0018217

https://nvd.nist.gov/vuln/detail/CVE-2024-52050

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52050

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52050

EUVD