CVE-2024-36302

Published: Jun 10, 2024Modified: May 29, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36303.

Affected (2)

Products: Trendmicro: Apex One

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	Before 14.0.13139
Trendmicro Apex One	From 14.0 to 14.0.0.12980

Related CWEs

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (4)

https://success.trendmicro.com/dcx/s/solution/000298063

Source: security@trendmicro.com

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-569/

Source: security@trendmicro.com

Third Party Advisory

https://success.trendmicro.com/dcx/s/solution/000298063

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-569/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.