All the vulnerabilites related to Trend Micro, Inc. - Deep Security Agent
jvndb-2022-002448
Vulnerability from jvndb
Published
2022-10-11 17:02
Modified
2024-06-13 14:30
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
Details
Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002448.html",
"dc:date": "2024-06-13T14:30+09:00",
"dcterms:issued": "2022-10-11T17:02+09:00",
"dcterms:modified": "2024-06-13T14:30+09:00",
"description": "Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002448.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:cloud_one_workload_security",
"@product": "Cloud One Workload Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002448",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99960963/index.html",
"@id": "JVNVU#99960963",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40707",
"@id": "CVE-2022-40707",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40708",
"@id": "CVE-2022-40708",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40709",
"@id": "CVE-2022-40709",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-40710",
"@id": "CVE-2022-40710",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40707",
"@id": "CVE-2022-40707",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40708",
"@id": "CVE-2022-40708",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40709",
"@id": "CVE-2022-40709",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40710",
"@id": "CVE-2022-40710",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/125.html",
"@id": "CWE-125",
"@title": "Out-of-bounds Read(CWE-125)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows"
}
jvndb-2024-012017
Vulnerability from jvndb
Published
2024-11-06 11:00
Modified
2024-11-06 11:00
Summary
Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control
Details
Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows) to fix a improper access control vulnerability (CVE-2024-48903).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Deep Security Agent |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012017.html",
"dc:date": "2024-11-06T11:00+09:00",
"dcterms:issued": "2024-11-06T11:00+09:00",
"dcterms:modified": "2024-11-06T11:00+09:00",
"description": "Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows) to fix a improper access control vulnerability (CVE-2024-48903).\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-012017.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2024-012017",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96058081/index.html",
"@id": "JVNVU#96058081",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-48903",
"@id": "CVE-2024-48903",
"@source": "CVE"
}
],
"title": "Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control"
}
jvndb-2022-001097
Vulnerability from jvndb
Published
2022-01-25 13:35
Modified
2022-01-25 13:35
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux
Details
Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.
* Directory Traversal (CWE-22) - CVE-2022-23119
* Code Injection (CWE-94) - CVE-2022-23120
As of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
"dc:date": "2022-01-25T13:35+09:00",
"dcterms:issued": "2022-01-25T13:35+09:00",
"dcterms:modified": "2022-01-25T13:35+09:00",
"description": "Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n * Directory Traversal (CWE-22) - CVE-2022-23119\r\n * Code Injection (CWE-94) - CVE-2022-23120\r\n\r\nAs of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:cloud_one_workload_security",
"@product": "Cloud One Workload Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001097",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95024141/",
"@id": "JVNVU#95024141",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23119",
"@id": "CVE-2022-23119",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-23120",
"@id": "CVE-2022-23120",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23119",
"@id": "CVE-2022-23119",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23120",
"@id": "CVE-2022-23120",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux"
}
jvndb-2024-003645
Vulnerability from jvndb
Published
2024-06-20 14:59
Modified
2024-06-20 14:59
Summary
Multiple vulnerabilities in multiple Trend Micro products
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003645.html",
"dc:date": "2024-06-20T14:59+09:00",
"dcterms:issued": "2024-06-20T14:59+09:00",
"dcterms:modified": "2024-06-20T14:59+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003645.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one_as_a_service",
"@product": "Apex One as a Service",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_web_security_virtual_appliance",
"@product": "TrendMicro InterScan Web Security Virtual Appliance",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-003645",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99027428/index.html",
"@id": "JVNVU#99027428",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36302",
"@id": "CVE-2024-36302",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36303",
"@id": "CVE-2024-36303",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36304",
"@id": "CVE-2024-36304",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36305",
"@id": "CVE-2024-36305",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36306",
"@id": "CVE-2024-36306",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36307",
"@id": "CVE-2024-36307",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-37289",
"@id": "CVE-2024-37289",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36358",
"@id": "CVE-2024-36358",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36359",
"@id": "CVE-2024-36359",
"@source": "CVE"
}
],
"title": "Multiple vulnerabilities in multiple Trend Micro products"
}
jvndb-2024-014079
Vulnerability from jvndb
Published
2024-12-06 12:11
Modified
2024-12-06 12:11
Summary
Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection
Details
Trend Micro Incorporated has released the security updates for Deep Security Agent (for Windows) and Deep Security Notifier on DSVA (for Windows VM) to fix an OS command injection vulnerability (CWE-78, CVE-2024-48903).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93693807/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-26871 | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014079.html",
"dc:date": "2024-12-06T12:11+09:00",
"dcterms:issued": "2024-12-06T12:11+09:00",
"dcterms:modified": "2024-12-06T12:11+09:00",
"description": "Trend Micro Incorporated has released the security updates for Deep Security Agent (for Windows) and Deep Security Notifier on DSVA (for Windows VM) to fix an OS command injection vulnerability (CWE-78, CVE-2024-48903).\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014079.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:deep_security_agent",
"@product": "Deep Security Agent",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:deep_security_notifier",
"@product": "Deep Security Notifier",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-014079",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93693807/index.html",
"@id": "JVNVU#93693807",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-26871",
"@id": "CVE-2024-51503",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection"
}