Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for Trend Micro Moibile Security for Enterprise by Trend Micro, Inc.

    CVE-2023-35695 (GCVE-0-2023-35695)

    Vulnerability from nvd – Published: 2023-06-26 21:58 – Updated: 2024-12-05 15:41
    VLAI
    Summary
    A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T15:41:09.146535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:41:25.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:58:45.861Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-35695",
        "datePublished": "2023-06-26T21:58:45.861Z",
        "dateReserved": "2023-06-15T05:43:32.973Z",
        "dateUpdated": "2024-12-05T15:41:25.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32528 (GCVE-0-2023-32528)

    Vulnerability from nvd – Published: 2023-06-26 21:54 – Updated: 2024-12-04 16:41
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:39:50.442008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:41:15.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32527."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:54:13.506Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32528",
        "datePublished": "2023-06-26T21:54:13.506Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:41:15.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32527 (GCVE-0-2023-32527)

    Vulnerability from nvd – Published: 2023-06-26 21:54 – Updated: 2024-12-04 16:47
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:47:23.094844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:47:57.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32528."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:54:06.329Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32527",
        "datePublished": "2023-06-26T21:54:06.329Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:47:57.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32526 (GCVE-0-2023-32526)

    Vulnerability from nvd – Published: 2023-06-26 21:53 – Updated: 2024-12-04 16:50
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:50:36.922616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:50:41.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.  \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32525."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:56.403Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32526",
        "datePublished": "2023-06-26T21:53:56.403Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:50:41.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32525 (GCVE-0-2023-32525)

    Vulnerability from nvd – Published: 2023-06-26 21:53 – Updated: 2024-12-05 14:44
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:43:24.300979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:44:11.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.  \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32526."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:44.335Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32525",
        "datePublished": "2023-06-26T21:53:44.335Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T14:44:11.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32524 (GCVE-0-2023-32524)

    Vulnerability from nvd – Published: 2023-06-26 21:53 – Updated: 2024-12-05 15:20
    VLAI
    Summary
    Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:38.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T18:29:28.457193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:20:38.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32523."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:33.392Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32524",
        "datePublished": "2023-06-26T21:53:33.392Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T15:20:38.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32523 (GCVE-0-2023-32523)

    Vulnerability from nvd – Published: 2023-06-26 21:53 – Updated: 2024-12-05 15:21
    VLAI
    Summary
    Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:19:22.720445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:21:04.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32524."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:22.785Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32523",
        "datePublished": "2023-06-26T21:53:22.785Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T15:21:04.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32522 (GCVE-0-2023-32522)

    Vulnerability from nvd – Published: 2023-06-26 21:53 – Updated: 2024-12-04 17:11
    VLAI
    Summary
    A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32522",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:11:34.148913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:11:40.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:08.914Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32522",
        "datePublished": "2023-06-26T21:53:08.914Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-04T17:11:40.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32521 (GCVE-0-2023-32521)

    Vulnerability from nvd – Published: 2023-06-26 21:52 – Updated: 2024-12-05 14:45
    VLAI
    Summary
    A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32521",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:45:41.411361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:45:54.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:52:58.464Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32521",
        "datePublished": "2023-06-26T21:52:58.464Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T14:45:54.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35695 (GCVE-0-2023-35695)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:58 – Updated: 2024-12-05 15:41
    VLAI
    Summary
    A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:44.203Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35695",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T15:41:09.146535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:41:25.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:58:45.861Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-35695",
        "datePublished": "2023-06-26T21:58:45.861Z",
        "dateReserved": "2023-06-15T05:43:32.973Z",
        "dateUpdated": "2024-12-05T15:41:25.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32528 (GCVE-0-2023-32528)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:54 – Updated: 2024-12-04 16:41
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:39:50.442008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:41:15.502Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32527."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:54:13.506Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-591/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32528",
        "datePublished": "2023-06-26T21:54:13.506Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:41:15.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32527 (GCVE-0-2023-32527)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:54 – Updated: 2024-12-04 16:47
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:47:23.094844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:47:57.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32528."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:54:06.329Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-590/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32527",
        "datePublished": "2023-06-26T21:54:06.329Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:47:57.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32526 (GCVE-0-2023-32526)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:53 – Updated: 2024-12-04 16:50
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32526",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T16:50:36.922616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:50:41.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.  \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32525."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:56.403Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-586/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32526",
        "datePublished": "2023-06-26T21:53:56.403Z",
        "dateReserved": "2023-05-09T16:41:52.157Z",
        "dateUpdated": "2024-12-04T16:50:41.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32525 (GCVE-0-2023-32525)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:53 – Updated: 2024-12-05 14:44
    VLAI
    Summary
    Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:43:24.300979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:44:11.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.  \r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32526."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:44.335Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-589/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32525",
        "datePublished": "2023-06-26T21:53:44.335Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T14:44:11.782Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32524 (GCVE-0-2023-32524)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:53 – Updated: 2024-12-05 15:20
    VLAI
    Summary
    Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:38.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32524",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T18:29:28.457193Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:20:38.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32523."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:33.392Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-588/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32524",
        "datePublished": "2023-06-26T21:53:33.392Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T15:20:38.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32523 (GCVE-0-2023-32523)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:53 – Updated: 2024-12-05 15:21
    VLAI
    Summary
    Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:19:22.720445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T15:21:04.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.\r\n\r\nThis is similar to, but not identical to CVE-2023-32524."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:22.785Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-587/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32523",
        "datePublished": "2023-06-26T21:53:22.785Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T15:21:04.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32522 (GCVE-0-2023-32522)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:53 – Updated: 2024-12-04 17:11
    VLAI
    Summary
    A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32522",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T17:11:34.148913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:11:40.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:53:08.914Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32522",
        "datePublished": "2023-06-26T21:53:08.914Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-04T17:11:40.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32521 (GCVE-0-2023-32521)

    Vulnerability from cvelistv5 – Published: 2023-06-26 21:52 – Updated: 2024-12-05 14:45
    VLAI
    Summary
    A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2023-17"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32521",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:45:41.411361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:45:54.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Moibile Security for Enterprise",
              "vendor": "Trend Micro, Inc.",
              "versions": [
                {
                  "lessThan": "9.8.3294",
                  "status": "affected",
                  "version": "9.8 SP5",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T21:52:58.464Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "url": "https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US"
            },
            {
              "url": "https://www.tenable.com/security/research/tra-2023-17"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2023-32521",
        "datePublished": "2023-06-26T21:52:58.464Z",
        "dateReserved": "2023-05-09T16:41:52.156Z",
        "dateUpdated": "2024-12-05T14:45:54.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }