[Japanese]

JVNDB-2024-015393

Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)

Overview

Trend Micro Apex One and Apex One as a Service contain multiple vulnerabilities.

Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Apex One
  • Apex One as a Service

Impact

* LogServer link following local privilege escalation vulnerability (CVE-2024-52048, CVE-2024-52049)
* LogServer arbitrary file creation local privilege escalation vulnerability (CVE-2024-52050)
* Engine link following local privilege escalation vulnerability (CVE-2024-55631)
* Security agent link following local privilege escalation vulnerability (CVE-2024-55632)
* Origin validation error local privilege escalation vulnerability (CVE-2024-55917)
Solution

[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released the patches listed below that contain fixes for these vulnerabilities.

* Trend Micro Apex One SP1 build 13140
* Trend Micro Apex One as a Service December 2024 Monthly Maintenance (202412) Agent version 14.0.14203
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2024-52048
  2. CVE-2024-52049
  3. CVE-2024-52050
  4. CVE-2024-55631
  5. CVE-2024-55632
  6. CVE-2024-55917
References

  1. JVN : JVNVU#95720792
Revision History

  • [2024/12/23]
      Web page was published

Date Public2024/12/20
Date First Published2024/12/23
Date Last Updated2024/12/23