CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32536
https://notcve.org/view.php?id=CVE-2023-32536
26 Jun 2023 — Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 1CVE-2023-32522
https://notcve.org/view.php?id=CVE-2023-32522
26 Jun 2023 — A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 26%CPEs: 1EXPL: 1CVE-2023-32521
https://notcve.org/view.php?id=CVE-2023-32521
26 Jun 2023 — A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-30902
https://notcve.org/view.php?id=CVE-2023-30902
26 Jun 2023 — A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28929
https://notcve.org/view.php?id=CVE-2023-28929
26 Jun 2023 — Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34144 – Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34144
08 Jun 2023 — An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Mi... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34145 – Trend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34145
08 Jun 2023 — An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Mi... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34146 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34146
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34147 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34147
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-34148 – Trend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-34148
08 Jun 2023 — An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. This vulnerabilit... • https://success.trendmicro.com/dcx/s/solution/000293322?language=en_US • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •