CVE-2024-36307

Published: Jun 10, 2024Modified: Jun 27, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (2)

Products: Trendmicro: Apex One

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	Up to 14.0.13139
Trendmicro Apex One	From 14.0 to 14.0.0.12980

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://success.trendmicro.com/dcx/s/solution/000298063

Source: security@trendmicro.com

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-573/

Source: security@trendmicro.com

Third Party Advisory

https://success.trendmicro.com/dcx/s/solution/000298063

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-573/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.