CVE-2024-37289

Published: Jun 10, 2024Modified: Jun 16, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (2)

Products: Trendmicro: Apex One

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	From 14.0 to 14.0.0.12980
Trendmicro Apex One	Before 14.0.13139

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://success.trendmicro.com/dcx/s/solution/000298063

Source: security@trendmicro.com

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-577/

Source: security@trendmicro.com

Third Party Advisory

https://success.trendmicro.com/dcx/s/solution/000298063

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-24-577/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.