CVE-2024-52047

High CVSS 7.5

Overview

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CWE: CWE-552 Published: 2024-12-31T16:15:25.923

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: lfi, rce (tag impact: VERY HIGH)

Recommended actions:

Normalize paths, use allowlists; block user-controlled file paths.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags