Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-32557 (GCVE-0-2023-32557)
Vulnerability from cvelistv5 – Published: 2023-06-26 21:57 – Updated: 2024-12-04 21:16
VLAI?
EPSS
Summary
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Affected:
2019 , < 14.0.0.12024
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:trend_micro_apex_one:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trend_micro_apex_one",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "14.0.0.12024",
"status": "affected",
"version": "2019",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T21:13:05.087058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T21:16:16.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.12024",
"status": "affected",
"version": "2019",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:57:00.765Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-32557",
"datePublished": "2023-06-26T21:57:00.765Z",
"dateReserved": "2023-05-09T19:01:16.631Z",
"dateUpdated": "2024-12-04T21:16:16.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-32557",
"date": "2026-04-23",
"epss": "0.06426",
"percentile": "0.91099"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32557\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2023-06-26T22:15:10.977\",\"lastModified\":\"2024-11-21T08:03:35.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*\",\"versionEndExcluding\":\"14.0.12105\",\"matchCriteriaId\":\"2BEB6165-97A6-4EE9-B7D8-66D62469AE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF019D2D-C426-4D2D-A254-442CE777B41E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:18:37.609Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32557\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-04T21:13:05.087058Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:trend_micro_inc:trend_micro_apex_one:*:*:*:*:*:*:*:*\"], \"vendor\": \"trend_micro_inc\", \"product\": \"trend_micro_apex_one\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019\", \"lessThan\": \"14.0.0.12024\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-04T21:14:56.883Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Apex One\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019\", \"lessThan\": \"14.0.0.12024\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.\"}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2023-06-26T21:57:00.765Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-32557\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-04T21:16:16.359Z\", \"dateReserved\": \"2023-05-09T19:01:16.631Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2023-06-26T21:57:00.765Z\", \"assignerShortName\": \"trendmicro\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GSD-2023-32557
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-32557",
"id": "GSD-2023-32557"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-32557"
],
"details": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.",
"id": "GSD-2023-32557",
"modified": "2023-12-13T01:20:23.347467Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-32557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
},
"vendor_name": "Trend Micro, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.12105",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-32557"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-06-30T18:00Z",
"publishedDate": "2023-06-26T22:15Z"
}
}
}
GHSA-MMJ6-R83C-HQ4F
Vulnerability from github – Published: 2023-06-27 00:30 – Updated: 2024-04-04 05:11
VLAI?
Details
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2023-32557"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-26T22:15:10Z",
"severity": "CRITICAL"
},
"details": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.",
"id": "GHSA-mmj6-r83c-hq4f",
"modified": "2024-04-04T05:11:29Z",
"published": "2023-06-27T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2023-1225
Vulnerability from csaf_certbund - Published: 2023-05-16 22:00 - Updated: 2023-05-16 22:00Summary
Trend Micro Apex One: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Trend Micro Apex One ist eine Endpoint-Security Lösung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.
Betroffene Betriebssysteme: - Windows
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Apex One ist eine Endpoint-Security L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1225 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1225.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1225 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1225"
},
{
"category": "external",
"summary": "TrendMicro Security Advisory vom 2023-05-16",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"source_lang": "en-US",
"title": "Trend Micro Apex One: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:56.260+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1225",
"initial_release_date": "2023-05-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product": {
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product_id": "T027747",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:sp1_critical_patch_b12024"
}
}
},
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product": {
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product_id": "T027748",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:april_2023_maintenance_hotfix_-_build_202304_security_agent_version_14.0.12105"
}
}
}
],
"category": "product_name",
"name": "Apex One"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32557",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32557"
},
{
"cve": "CVE-2023-32556",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32556"
},
{
"cve": "CVE-2023-32555",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32555"
},
{
"cve": "CVE-2023-32554",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32554"
},
{
"cve": "CVE-2023-32553",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32553"
},
{
"cve": "CVE-2023-32552",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32552"
},
{
"cve": "CVE-2023-30902",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30902"
}
]
}
CERTFR-2023-AVI-0387
Vulnerability from certfr_avis - Published: 2023-05-17 - Updated: 2023-05-17
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One et Apex Central. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One version 2019 sans le correctif de sécurité SP1 Critical Patch B120 | ||
| Trend Micro | Apex One | Apex Central version 2019 sans le correctif de sécurité Patch 4 (B6394) | ||
| Trend Micro | Apex One | Apex One as a Service versions antérieures à la maintenance d'avril 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One version 2019 sans le correctif de s\u00e9curit\u00e9 SP1 Critical Patch B120",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version 2019 sans le correctif de s\u00e9curit\u00e9 Patch 4 (B6394)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service versions ant\u00e9rieures \u00e0 la maintenance d\u0027avril 2023",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32537"
},
{
"name": "CVE-2023-32553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32553"
},
{
"name": "CVE-2023-32557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32557"
},
{
"name": "CVE-2023-32535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32535"
},
{
"name": "CVE-2023-32536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32536"
},
{
"name": "CVE-2023-32554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32554"
},
{
"name": "CVE-2023-32556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32556"
},
{
"name": "CVE-2023-30902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30902"
},
{
"name": "CVE-2023-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32529"
},
{
"name": "CVE-2023-32555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32555"
},
{
"name": "CVE-2023-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32605"
},
{
"name": "CVE-2023-32552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32552"
},
{
"name": "CVE-2023-32531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32531"
},
{
"name": "CVE-2023-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32530"
},
{
"name": "CVE-2023-32604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32604"
}
],
"initial_release_date": "2023-05-17T00:00:00",
"last_revision_date": "2023-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex One\net Apex Central. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One et Apex Central",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293107 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293108 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
CNVD-2023-65423
Vulnerability from cnvd - Published: 2023-08-28
VLAI Severity ?
Title
Trend Micro Apex One路径遍历漏洞
Description
Trend Micro Apex One是美国趋势科技(Trend Micro)公司的一款终端防护软件。
Trend Micro Apex One存在路径遍历漏洞,该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素,攻击者可利用该漏洞将任意文件上传到管理服务器,从而导致使用系统权限远程执行代码。
Severity
高
Patch Name
Trend Micro Apex One路径遍历漏洞的补丁
Patch Description
Trend Micro Apex One是美国趋势科技(Trend Micro)公司的一款终端防护软件。
Trend Micro Apex One存在路径遍历漏洞,该漏洞源于程序未能正确地过滤资源或文件路径中的特殊元素,攻击者可利用该漏洞将任意文件上传到管理服务器,从而导致使用系统权限远程执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Reference
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Impacted products
| Name | ['Trend Micro Trend Micro Apex One 2019 (on-prem)', 'Trend Micro Apex One as a Service <14.0.12105'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-32557",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557"
}
},
"description": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\n\nTrend Micro Apex One\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u5230\u7ba1\u7406\u670d\u52a1\u5668\uff0c\u4ece\u800c\u5bfc\u81f4\u4f7f\u7528\u7cfb\u7edf\u6743\u9650\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-65423",
"openTime": "2023-08-28",
"patchDescription": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Apex One\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u5230\u7ba1\u7406\u670d\u52a1\u5668\uff0c\u4ece\u800c\u5bfc\u81f4\u4f7f\u7528\u7cfb\u7edf\u6743\u9650\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Trend Micro Apex One\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Trend Micro Trend Micro Apex One 2019 (on-prem)",
"Trend Micro Apex One as a Service \u003c14.0.12105"
]
},
"referenceLink": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"serverity": "\u9ad8",
"submitTime": "2023-06-29",
"title": "Trend Micro Apex One\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
JVNDB-2023-002100
Vulnerability from jvndb - Published: 2023-06-14 14:47 - Updated:2024-05-23 15:23
Severity ?
Summary
Security updates for multiple Trend Micro products for enterprises (June 2023)
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"dc:date": "2024-05-23T15:23+09:00",
"dcterms:issued": "2023-06-14T14:47+09:00",
"dcterms:modified": "2024-05-23T15:23+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_central",
"@product": "Apex Central",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:mobile_security",
"@product": "Trend Micro Mobile Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002100",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91852506/",
"@id": "JVNVU#91852506",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/vu/JVNVU93384719/index.html",
"@id": "JVNVU#93384719",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/426.html",
"@id": "CWE-426",
"@title": "Untrusted Search Path(CWE-426)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/269.html",
"@id": "CWE-269",
"@title": "Improper Privilege Management(CWE-269)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Security updates for multiple Trend Micro products for enterprises (June 2023)"
}
BDU:2023-05964
Vulnerability from fstec - Published: 26.06.2023
VLAI Severity ?
Title
Уязвимость антивирусных программных средств Trend Micro Apex One и Apex One as a Service, связанная с возможностью обхода пути, позволяющая нарушителю выполнить произвольный код с системными привилегиями
Description
Уязвимость антивирусных программных средств Trend Micro Apex One и Apex One as a Service связана с возможностью обхода пути. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с системными привилегиями путём загрузки вредоносного файла на сервер управления
Severity ?
Vendor
Trend Micro
Software Name
Apex One as a Service, Apex One
Software Version
до 14.0.12105 (Apex One as a Service), 2019 (On-prem) (Apex One)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование средств межсетевого экранирования уровня для ограничения возможности удалённого доступа;
- ограничение доступа из внешних сетей (Интернет);
- использование виртуальных частных сетей для организации удаленного доступа (VPN).
Использование рекомендаций производителя:
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Reference
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
CWE
CWE-22
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Trend Micro",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 14.0.12105 (Apex One as a Service), 2019 (On-prem) (Apex One)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.06.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.09.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05964",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-32557",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Apex One as a Service, Apex One",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Trend Micro Apex One \u0438 Apex One as a Service, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Trend Micro Apex One \u0438 Apex One as a Service \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u0443\u0442\u0451\u043c \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2023-32557
Vulnerability from fkie_nvd - Published: 2023-06-26 22:15 - Updated: 2024-11-21 08:03
Severity ?
Summary
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_one | * | |
| trendmicro | apex_one | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"matchCriteriaId": "2BEB6165-97A6-4EE9-B7D8-66D62469AE79",
"versionEndExcluding": "14.0.12105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges."
}
],
"id": "CVE-2023-32557",
"lastModified": "2024-11-21T08:03:35.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-26T22:15:10.977",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…