- 13/2024
- Critical
Trend Micro has released a security update to address several vulnerabilities across Trend Micro Apex Central.
The addressed vulnerabilities could allow the remote attacker to trigger cross-site scripting attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Trend Micro Apex Central Server-Side Request Forgery (CVE-2023-52331):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
2. Trend Micro Apex Central Local File Include Vulnerability (CVE-2023-52325):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-52324
- CVE-2023-52325
- CVE-2023-52326
- CVE-2023-52327
- CVE-2023-52328
- CVE-2023-52329
- CVE-2023-52330
- CVE-2023-52331
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.