Carl Fabian Luepke

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux versions 20 and below **Description** A directory traversal issue could allow an attacker to read arbitrary files from the file system. The attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this issue. **Recommendations** For versions 20 and below, ensure the Deep Security Manager (DSM) and agents are properly secured and configured to prevent unauthorized access. As a temporary workaround, consider restricting access to sensitive files and directories until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux versions 20 and below **Description** A code injection issue could allow an attacker to escalate privileges and run arbitrary code in the context of root. The attacker must first obtain access to the target agent in an un-activated and unconfigured state to exploit this issue. **Recommendations** For versions 20 and below, update to a version above 20 to resolve the issue. As a temporary workaround, consider restricting access to the agent until a patch is available. Ensure the agent is properly configured and activated to minimize the risk of exploitation.