HIGH🇵🇱 Wersja polska

CVE-2024-58105

CVSS 7.3v3.1pub. 2025-03-25upd. 2025-08-01

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Trendmicro Apex One

    APP
    Trendmicro
    < 14.0.14203< 2019.13140
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-54948CRITICAL9.4⚠ KEVPL ✓ten sam produkt

Command injection w Trend Micro Apex One – RCE bez uwierzytelnienia

CVE-2022-26871CRITICAL9.8⚠ KEVten sam produkt

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attac...

CVE-2020-8599CRITICAL9.8⚠ KEVten sam produkt

Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote a...

CVE-2025-54987CRITICAL9.4PL ✓ten sam produkt

RCE w Trend Micro Apex One – command injection bez uwierzytelnienia

CVE-2023-32557CRITICAL9.8ten sam produkt

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenti...