A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HTrendmicro Deep Security As A Service
APPTrendmicrowszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Powiązane podatności
CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam vendor
Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia
CVE-2022-26871CRITICAL9.8⚠ KEVten sam vendor
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...
CVE-2020-8599CRITICAL9.8⚠ KEVten sam vendor
Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...
CVE-2025-69258CRITICAL9.8PL ✓ten sam vendor
Krytyczna podatność LoadLibraryEX w Trend Micro Apex Central — RCE jako SYSTEM
CVE-2025-54987CRITICAL9.4PL ✓ten sam vendor
RCE w Trend Micro Apex One – command injection bez uwierzytelnienia