CVE-2024-53647

Summary

Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.

Affected Software

VendorProductVersion RangeStatus
Trend Micro, Inc.Trend Micro ID Security3.0 < 3.0affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption
  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling
  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References