[Japanese]

JVNDB-2024-011747

Command injection vulnerability in Trend Micro Cloud Edge

Overview

Trend Micro Incorporated has released a security update for Cloud Edge to fix a command injection vulnerability (CVE-2024-48904).

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Cloud Edge 5.6 SP2
  • Cloud Edge 7.0

Impact

An arbitrary command may be executed on the affected Cloud Edge appliance.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.

* Cloud Edge 5.6 SP2 build 3228
* Cloud Edge 7.0 build 1081
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2024-48904
References

  1. JVN : JVNVU#94153896
Revision History

  • [2024/11/01]
      Web page was published