CVE-2023-38624 – Trend Micro Apex Central modTMSL Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2023-38624
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38625 hasta CVE-2023-38627. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-23-998 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-32605
https://notcve.org/view.php?id=CVE-2023-32605
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32604
https://notcve.org/view.php?id=CVE-2023-32604
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32537
https://notcve.org/view.php?id=CVE-2023-32537
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32536
https://notcve.org/view.php?id=CVE-2023-32536
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •