Trend Micro Deep Security vulnerabilities

CVE-2022-40710 [HIGH] CWE-59 CVE-2022-40710: A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Age A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2022-40707 [LOW] CWE-125 CVE-2022-40707: An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Securit An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabili

CVE-2022-40709 [LOW] CVE-2022-40709: An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy

CVE-2022-40708 [LOW] CVE-2022-40708: An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy

CVE-2020-8602 [HIGH] CVE-2020-8602: A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vu A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

CVE-2020-15601 [HIGH] CWE-287 CVE-2020-15601: If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep S If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or

CVE-2020-8607 [MEDIUM] CWE-20 CVE-2020-8607: An input validation vulnerability found in multiple Trend Micro products utilizing a particular vers An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker

CVE-2019-9488 [MEDIUM] CWE-611 CVE-2019-9488: Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).