Published:2024/02/21 Last Updated:2024/02/21
JVNVU#93534773
Multiple vulnerabilities in multiple Trend Micro products
Overview
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Products Affected
CVE-2023-52090, CVE-2023-52091, CVE-2023-52092, CVE-2023-52093, CVE-2023-52094
- Apex One 2019 (On-prem)
- Apex One as a Service
- Deep Security Agent 20.0
According to the developer, the following environments are not affected.
- Deep Security Virtual Appliance (DSVA) and Windows virtual machines protected by DSVA
- Deep Security Agent (for Linux)
- Deep Security Agent (for Unix)
Description
Trend Micro Incorporated has released security updates for multiple Trend Micro products.
Impact
Apex One 2019 (On-prem), Apex One as a Service
- Local privilege escalation due to a link following vulnerability - CVE-2023-52090, CVE-2023-52091, CVE-2023-52092
- Local privilege escalation due to an exposed dangerous function vulnerability - CVE-2023-52093
- Arbitrary folders deletion and local privilege escalation due to a link following vulnerability - CVE-2023-52094
- Local privilege escalation due to an improper access control - CVE-2023-52337
- Local privilege escalation due to a link following vulnerability - CVE-2023-52338
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
Apply the Workaround
The developer recommends applying mitigation measures.
For more information, refer to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.