漏洞标题
N/A
漏洞描述信息
Trend Micro Apex One 和 Trend Micro Apex One 作为一种服务中的 Damage Cleanup Engine 组件中的一个链接遵循漏洞可能会允许本地攻击者通过创建一个符号链接并滥用服务来删除文件,从而升級权限。请注意:攻击者必须先获得在目标系统中执行低特权代码的能力,才能利用此漏洞。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Trend Micro Apex One 后置链接漏洞
漏洞描述信息
Trend Micro Apex One是美国趋势科技(Trend Micro)公司的一款终端防护软件。 Trend Micro Apex One和Trend Micro Apex One as a Service存在安全漏洞。攻击者利用该漏洞通过创建符号链接并滥用该服务删除文件来提升权限。
CVSS信息
N/A
漏洞类别
后置链接