CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52331 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52331
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-052 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52325 – Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52325
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. Una vulnerabilidad de inclusión de archivos locales en uno de los widgets de Trend Micro Apex Central podría permitir que un atacante remoto ejecute código arbitrario en las instalaciones afectadas. Tenga en cuenta: esta vulnerabilidad debe usarse junto con otra para explotar un sistema afectado. Además, un atacante primero debe obtener un conjunto válido de credenciales en el sistema de destino para poder aprovechar esta vulnerabilidad. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-024 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38624 – Trend Micro Apex Central modTMSL Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2023-38624
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38625 hasta CVE-2023-38627. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-998 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38627 – Trend Micro Apex Central modTXSO Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38627
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38626. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1001 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38626 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38626
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38625. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-1000 • CWE-918: Server-Side Request Forgery (SSRF) •