CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0CVE-2023-32529 – Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32529
17 May 2023 — Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 12%CPEs: 1EXPL: 0CVE-2023-32530 – Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32530
17 May 2023 — Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2022-26871 – Trend Micro Apex Central Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-26871
29 Mar 2022 — An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. Una vulnerabilidad de carga de archivos arbitrarios en Trend Micro Apex Central podría permitir a un atacante remoto no autenticado cargar un archivo arbitrario que podría conllevar a una ejecución de código remota An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. • https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-25252
https://notcve.org/view.php?id=CVE-2021-25252
03 Mar 2021 — Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. La API Virus Scan (VSAPI) y el Advanced Threat Scan Engine (ATSE) de Trend Micro, son susceptibles a una vulnerabilidad de agotamiento de la memoria que puede conllevar a una denegación de servicio o a un congelamiento del sistema si es explotada por un atacante usando ... • https://success.trendmicro.com/solution/000285675 • CWE-400: Uncontrolled Resource Consumption •