Published: 2024/12/20  Last Updated: 2024/12/20

JVNVU#95720792
Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)

Overview

Trend Micro Apex One and Apex One as a Service contain multiple vulnerabilities.

Products Affected

  • Trend Micro Apex One
  • Trend Micro Apex One as a Service

Description

Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.

Impact

  • LogServer link following local privilege escalation vulnerability (CVE-2024-52048, CVE-2024-52049)
  • LogServer arbitrary file creation local privilege escalation vulnerability (CVE-2024-52050)
  • Engine link following local privilege escalation vulnerability (CVE-2024-55631)
  • Security agent link following local privilege escalation vulnerability (CVE-2024-55632)
  • Origin validation error local privilege escalation vulnerability (CVE-2024-55917)

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the patches listed below that contain fixes for these vulnerabilities.

  • Trend Micro Apex One SP1 build 13140
  • Trend Micro Apex One as a Service December 2024 Monthly Maintenance (202412) Agent version 14.0.14203

Vendor Status

Vendor Link
Trend Micro Incorporated SECURITY BULLETIN: December 2024 for Trend Micro Apex One

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
