CVE-2024-36358

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security versions 20.x below 20.0.1-3180

Description: A link following issue in Trend Micro Deep Security could allow a local attacker to escalate privileges on affected installations. The vulnerability is related to incorrect link resolution before accessing a file, which may enable an attacker to execute arbitrary code. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue.

Recommendations: For versions 20.x below 20.0.1-3180, update to a version above 20.0.1-3180 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.