https://success.trendmicro.com/dcx/s/solution/000298063?language=en_US <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"/>https://success.trendmicro.com/dcx/s/solution/000298063?language=en_US <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"/>
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability could lead to a denial-of-service condition on affected Trend Micro Apex One and Apex One as a Service installations. The CVSS v3.1 score is 6.1 (Medium), with the following impact breakdown: Integrity Impact: Low, Availability Impact: High, Confidentiality Impact: None. The attack vector is local, requiring low privileges and no user interaction.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
The vulnerability data does not provide specific information about available patches.
While specific mitigation steps are not provided in the vulnerability data, general best practices would include: 1. Limit local access to systems running Trend Micro Apex One and Apex One as a Service. 2. Monitor for and restrict the execution of low-privileged code on affected systems. 3. Keep the Trend Micro Apex One and Apex One as a Service software updated to the latest version. 4. Follow the principle of least privilege for user accounts on affected systems.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Feedly found the first article mentioning CVE-2024-36306. See article
Feedly estimated the CVSS score as MEDIUM
Detection for the vulnerability has been added to Qualys (379929)
NVD published the first details for CVE-2024-36306
A CVSS base score of 6.1 has been assigned.
EPSS Score was set to: 0.05% (Percentile: 16.1%)
A CVSS base score of 5.5 has been assigned.