JVNVU#94153896: Command injection vulnerability in Trend Micro Cloud Edge

Overview

Trend Micro Incorporated has released a security update for Cloud Edge.

Products Affected

Cloud Edge 5.6 SP2
Cloud Edge 7.0

Description

Trend Micro Incorporated has released a security update for Cloud Edge to fix a command injection vulnerability (CVE-2024-48904).

Impact

An arbitrary command may be executed on the affected Cloud Edge appliance.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.

Cloud Edge 5.6 SP2 build 3228
Cloud Edge 7.0 build 1081

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Cloud Edge Command Injection RCE Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#94153896 Command injection vulnerability in Trend Micro Cloud Edge