CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-52049

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00024/1

CVE-2024-52049 is a privilege escalation vulnerability affecting Trend Micro Apex One. This LogServer link following issue allows a local attacker, who has already gained low-privileged access to the system, to potentially escalate their privileges. While the CVSS score is 0, indicating a low base severity, the SVRS score of 30 suggests a slightly elevated risk due to its presence "In The Wild", though not immediately critical. This means exploitation has been observed. The risk is that a malicious actor with limited access could leverage this vulnerability to gain full control of the affected system. System administrators should investigate and apply available patches to mitigate potential risks. The significance stems from enabling lateral movement within a network for attackers.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-12-31
LAST MODIFIED2024-12-31

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

ZDI-25-006: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability
2025-03-01
ZDI-25-006: Trend Micro Apex One LogServer Link Following Local Privilege Escalation Vulnerability | This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52049.
cve-2024-52049
security
server
cve
Tageszusammenfassung - 18.12.2024
CERT.at2025-02-01
Tageszusammenfassung - 18.12.2024 | End-of-Day report Timeframe: Dienstag 17-12-2024 18:00 - Mittwoch 18-12-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a News Critical security hole in Apache Struts under exploit A critical security hole in Apache Struts 2 [..] CVE-2024-53677 [..] is currently being exploited using publicly available proof-of-concept (PoC) code. https://go.theregister.com/feed/www.theregister.com/2024/12/17/critical_rce_apache_struts/ How to Lose
cert.at
rss
forum
news
CVE-2024-52049 | Trend Micro Apex One/Apex One as a Service LogServer link following
vuldb.com2024-12-31
CVE-2024-52049 | Trend Micro Apex One/Apex One as a Service LogServer link following | A vulnerability was found in Trend Micro Apex One and Apex One as a Service. It has been classified as critical. This affects an unknown part of the component LogServer. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2024-52049. The attack needs to be
vuldb.com
rss
forum
news

Social Media

CVE-2024-52049 A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is … https://t.co/IoxEGXXDki
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://success.trendmicro.com/en-US/solution/KA-0018217

CWE Details

CWE IDCWE NameDescription
CWE-266Incorrect Privilege AssignmentA product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence