{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-58105","assignerOrgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","state":"PUBLISHED","assignerShortName":"trendmicro","dateReserved":"2025-03-25T17:10:21.396Z","datePublished":"2025-03-25T17:37:39.464Z","dateUpdated":"2026-02-26T19:09:11.806Z"},"containers":{"cna":{"affected":[{"vendor":"Trend Micro, Inc.","product":"Trend Micro Apex One","versions":[{"version":"2019 (14.0)","status":"affected","versionType":"semver","lessThan":"14.0.0.13122"}]},{"vendor":"Trend Micro, Inc.","product":"Trend Micro Apex One as a Service","versions":[{"version":"SaaS","status":"affected","versionType":"semver","lessThan":"14.0.13260"}]}],"descriptions":[{"lang":"en","value":"A vulnerability  in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. \r\n\r\nThis CVE address an addtional bypass not covered in CVE-2024-58104.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."}],"providerMetadata":{"orgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","shortName":"trendmicro","dateUpdated":"2025-03-25T17:37:39.464Z"},"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0018217"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-58105","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-03-26T03:55:24.784349Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-286","description":"CWE-286 Incorrect User Management"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T19:09:11.806Z"}}]}}