- 173/2024
- High
Trend Micro has released security updates to address several vulnerabilities across multiple Trend Micro products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, perform denial of service attacks, or gain elevated privileges to the affected product.
Sample of the addressed vulnerabilities:
1. Trend Micro Deep Security Agent Privilege Escalation Vulnerability (CVE-2024-36358):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Trend Micro InterScan Web Security Virtual Appliance Cross-Site Scripting Vulnerability (CVE-2024-36359):
- CVSS: 5.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Affected Products:
- Trend Micro Deep Security Agent.
- Trend Micro Apex One.
- Trend Micro Apex One as a Service.
- Trend Micro InterScan Web Security Virtual Appliance (IWSVA).
Vulnerabilities
- CVE-2024-36358
- CVE-2024-36305
- CVE-2024-36359
- CVE-2024-36302
- CVE-2024-36303
- CVE-2024-36304
- CVE-2024-36306
- CVE-2024-36307
- CVE-2024-37289
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.