Multiple vulnerabilities in Trend Micro Apex One
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2024-36302 CVE-2024-36303 CVE-2024-36307 CVE-2024-36304 CVE-2024-36305 CVE-2024-36306 CVE-2024-37289 CVE-2024-39753 CVE-2024-52047 |
| CWE-ID | CWE-345 CWE-59 CWE-367 CWE-284 CWE-89 CWE-98 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
Updated 19.08.2024
Added vulnerability #8
1) Insufficient verification of data authenticity
EUVDB-ID: #VU91006
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36302
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to origin validation error. A local user can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-569/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient verification of data authenticity
EUVDB-ID: #VU91007
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36303
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to origin validation error. A local user can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-570/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Link following
EUVDB-ID: #VU91008
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36307
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insecure link following. A local user can gain access to sensitive information about the agent on affected installations.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-573/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU91010
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36304
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-571/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Link following
EUVDB-ID: #VU91011
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36305
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-572/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Link following
EUVDB-ID: #VU91012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36306
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure link following in the Damage Cleanup Engine. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-568/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU91264
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37289
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://success.trendmicro.com/dcx/s/solution/000298063?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-577/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) SQL injection
EUVDB-ID: #VU96086
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-39753
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the client management functionality in modOSCE. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: All versions
CPE2.3 External linkshttps://www.zerodayinitiative.com/advisories/ZDI-24-897/
https://success.trendmicro.com/en-US/solution/KA-0016669
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) PHP file inclusion
EUVDB-ID: #VU102475
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-52047
CWE-ID:
CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
Exploit availability: No
DescriptionThe vulnerability allows a remote user to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files within the getWidgetPoolManager function. A remote authenticated user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: Patch 1 b2087 - CP 12967
CPE2.3- cpe:2.3:a:trend_micro:apex_one:Patch 1 b2087:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 2:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Patch 3 b8358:*:*:*:*:*:*:*
https://success.trendmicro.com/en-US/solution/KA-0016669
https://www.zerodayinitiative.com/advisories/ZDI-25-007/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
