CVE-2024-36306

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified)

Description A link following issue in the Damage Cleanup Engine of Trend Micro Apex One and Apex One as a Service could allow a local attacker to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The vulnerability is related to incorrect link resolution before accessing a file.

Recommendations For Trend Micro Apex One, consider disabling the Damage Cleanup Engine as a temporary workaround until a patch is available. For Trend Micro Apex One as a Service, restrict access to the Damage Cleanup Engine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.