Skip to content

Commit 58ce0fe

Browse files
author
cvelistV5 Github Action
committed
12 changes (5 new | 7 updated):
 - 5 new CVEs: CVE-2024-52047, CVE-2024-52048, CVE-2024-52049, CVE-2024-52050, CVE-2024-53647 - 7 updated CVEs: CVE-2024-56002, CVE-2024-56039, CVE-2024-56046, CVE-2024-56064, CVE-2024-56070, CVE-2024-56206, CVE-2024-56207
1 parent c200ce0 commit 58ce0fe

14 files changed

+896
-21
lines changed

cves/2024/52xxx/CVE-2024-52047.json

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-52047",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-11-05T15:05:29.657Z",
10+
"datePublished": "2024-12-31T16:09:28.937Z",
11+
"dateUpdated": "2024-12-31T16:09:28.937Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.12980"
25+
}
26+
]
27+
},
28+
{
29+
"vendor": "Trend Micro, Inc.",
30+
"product": "Trend Micro Apex One as a Service",
31+
"versions": [
32+
{
33+
"version": "SaaS",
34+
"status": "affected",
35+
"versionType": "semver",
36+
"lessThan": "14.0.13139"
37+
}
38+
]
39+
}
40+
],
41+
"descriptions": [
42+
{
43+
"lang": "en",
44+
"value": "A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
45+
}
46+
],
47+
"providerMetadata": {
48+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
49+
"shortName": "trendmicro",
50+
"dateUpdated": "2024-12-31T16:09:28.937Z"
51+
},
52+
"references": [
53+
{
54+
"url": "https://success.trendmicro.com/en-US/solution/KA-0016669"
55+
}
56+
],
57+
"metrics": [
58+
{
59+
"format": "CVSS",
60+
"scenarios": [
61+
{
62+
"lang": "en",
63+
"value": "GENERAL"
64+
}
65+
],
66+
"cvssV3_1": {
67+
"version": "3.1",
68+
"attackVector": "NETWORK",
69+
"attackComplexity": "HIGH",
70+
"privilegesRequired": "LOW",
71+
"userInteraction": "NONE",
72+
"scope": "UNCHANGED",
73+
"confidentialityImpact": "HIGH",
74+
"integrityImpact": "HIGH",
75+
"availabilityImpact": "HIGH",
76+
"baseSeverity": "HIGH",
77+
"baseScore": 7.5,
78+
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
79+
}
80+
}
81+
]
82+
}
83+
}
84+
}

cves/2024/52xxx/CVE-2024-52048.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-52048",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-11-05T15:05:29.658Z",
10+
"datePublished": "2024-12-31T16:11:41.737Z",
11+
"dateUpdated": "2024-12-31T16:11:41.737Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.13140"
25+
}
26+
],
27+
"cpes": [
28+
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.13121:p3:*:*:*:*:*:*"
29+
]
30+
},
31+
{
32+
"vendor": "Trend Micro, Inc.",
33+
"product": "Trend Micro Apex One as a Service",
34+
"versions": [
35+
{
36+
"version": "SaaS",
37+
"status": "affected",
38+
"versionType": "semver",
39+
"lessThan": "14.0.14203"
40+
}
41+
],
42+
"cpes": [
43+
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14026:ga:*:*:*:*:*:*"
44+
]
45+
}
46+
],
47+
"descriptions": [
48+
{
49+
"lang": "en",
50+
"value": "A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
51+
}
52+
],
53+
"providerMetadata": {
54+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
55+
"shortName": "trendmicro",
56+
"dateUpdated": "2024-12-31T16:11:41.737Z"
57+
},
58+
"references": [
59+
{
60+
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
61+
}
62+
],
63+
"metrics": [
64+
{
65+
"format": "CVSS",
66+
"scenarios": [
67+
{
68+
"lang": "en",
69+
"value": "GENERAL"
70+
}
71+
],
72+
"cvssV3_1": {
73+
"version": "3.1",
74+
"attackVector": "LOCAL",
75+
"attackComplexity": "LOW",
76+
"privilegesRequired": "LOW",
77+
"userInteraction": "NONE",
78+
"scope": "UNCHANGED",
79+
"confidentialityImpact": "HIGH",
80+
"integrityImpact": "HIGH",
81+
"availabilityImpact": "HIGH",
82+
"baseSeverity": "HIGH",
83+
"baseScore": 7.8,
84+
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
85+
}
86+
}
87+
],
88+
"problemTypes": [
89+
{
90+
"descriptions": [
91+
{
92+
"description": "CWE-266: Incorrect Privilege Assignment",
93+
"lang": "en-US",
94+
"type": "CWE",
95+
"cweId": "CWE-266"
96+
}
97+
]
98+
}
99+
]
100+
}
101+
}
102+
}

cves/2024/52xxx/CVE-2024-52049.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-52049",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-11-05T15:05:29.658Z",
10+
"datePublished": "2024-12-31T16:13:12.794Z",
11+
"dateUpdated": "2024-12-31T16:13:12.794Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.13140"
25+
}
26+
],
27+
"cpes": [
28+
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.13121:p3:*:*:*:*:*:*"
29+
]
30+
},
31+
{
32+
"vendor": "Trend Micro, Inc.",
33+
"product": "Trend Micro Apex One as a Service",
34+
"versions": [
35+
{
36+
"version": "SaaS",
37+
"status": "affected",
38+
"versionType": "semver",
39+
"lessThan": "14.0.14203"
40+
}
41+
],
42+
"cpes": [
43+
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14026:ga:*:*:*:*:*:*"
44+
]
45+
}
46+
],
47+
"descriptions": [
48+
{
49+
"lang": "en",
50+
"value": "A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
51+
}
52+
],
53+
"providerMetadata": {
54+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
55+
"shortName": "trendmicro",
56+
"dateUpdated": "2024-12-31T16:13:12.794Z"
57+
},
58+
"references": [
59+
{
60+
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
61+
}
62+
],
63+
"metrics": [
64+
{
65+
"format": "CVSS",
66+
"scenarios": [
67+
{
68+
"lang": "en",
69+
"value": "GENERAL"
70+
}
71+
],
72+
"cvssV3_1": {
73+
"version": "3.1",
74+
"attackVector": "LOCAL",
75+
"attackComplexity": "LOW",
76+
"privilegesRequired": "LOW",
77+
"userInteraction": "NONE",
78+
"scope": "UNCHANGED",
79+
"confidentialityImpact": "HIGH",
80+
"integrityImpact": "HIGH",
81+
"availabilityImpact": "HIGH",
82+
"baseSeverity": "HIGH",
83+
"baseScore": 7.8,
84+
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
85+
}
86+
}
87+
],
88+
"problemTypes": [
89+
{
90+
"descriptions": [
91+
{
92+
"description": "CWE-266: Incorrect Privilege Assignment",
93+
"lang": "en-US",
94+
"type": "CWE",
95+
"cweId": "CWE-266"
96+
}
97+
]
98+
}
99+
]
100+
}
101+
}
102+
}

cves/2024/52xxx/CVE-2024-52050.json

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.1",
4+
"cveMetadata": {
5+
"cveId": "CVE-2024-52050",
6+
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "trendmicro",
9+
"dateReserved": "2024-11-05T15:05:29.658Z",
10+
"datePublished": "2024-12-31T16:13:49.837Z",
11+
"dateUpdated": "2024-12-31T16:13:49.837Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"affected": [
16+
{
17+
"vendor": "Trend Micro, Inc.",
18+
"product": "Trend Micro Apex One",
19+
"versions": [
20+
{
21+
"version": "2019 (14.0)",
22+
"status": "affected",
23+
"versionType": "semver",
24+
"lessThan": "14.0.0.13140"
25+
}
26+
],
27+
"cpes": [
28+
"cpe:2.3:a:trendmicro:apexone_op:14.0.0.13121:p3:*:*:*:*:*:*"
29+
]
30+
},
31+
{
32+
"vendor": "Trend Micro, Inc.",
33+
"product": "Trend Micro Apex One as a Service",
34+
"versions": [
35+
{
36+
"version": "SaaS",
37+
"status": "affected",
38+
"versionType": "semver",
39+
"lessThan": "14.0.14203"
40+
}
41+
],
42+
"cpes": [
43+
"cpe:2.3:a:trendmicro:apexone_saas:14.0.0.14026:ga:*:*:*:*:*:*"
44+
]
45+
}
46+
],
47+
"descriptions": [
48+
{
49+
"lang": "en",
50+
"value": "A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
51+
}
52+
],
53+
"providerMetadata": {
54+
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
55+
"shortName": "trendmicro",
56+
"dateUpdated": "2024-12-31T16:13:49.837Z"
57+
},
58+
"references": [
59+
{
60+
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
61+
}
62+
],
63+
"metrics": [
64+
{
65+
"format": "CVSS",
66+
"scenarios": [
67+
{
68+
"lang": "en",
69+
"value": "GENERAL"
70+
}
71+
],
72+
"cvssV3_1": {
73+
"version": "3.1",
74+
"attackVector": "LOCAL",
75+
"attackComplexity": "LOW",
76+
"privilegesRequired": "LOW",
77+
"userInteraction": "NONE",
78+
"scope": "UNCHANGED",
79+
"confidentialityImpact": "HIGH",
80+
"integrityImpact": "HIGH",
81+
"availabilityImpact": "HIGH",
82+
"baseSeverity": "HIGH",
83+
"baseScore": 7.8,
84+
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
85+
}
86+
}
87+
],
88+
"problemTypes": [
89+
{
90+
"descriptions": [
91+
{
92+
"description": "CWE-59: Improper Link Resolution Before File Access",
93+
"lang": "en-US",
94+
"type": "CWE",
95+
"cweId": "CWE-59"
96+
}
97+
]
98+
}
99+
]
100+
}
101+
}
102+
}

0 commit comments

Comments
 (0)