CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32531 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32531
24 May 2023 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32532 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32532
24 May 2023 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32533 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32533
24 May 2023 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32534 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32534
24 May 2023 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32535 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32535
24 May 2023 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0CVE-2023-32529 – Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32529
17 May 2023 — Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 12%CPEs: 1EXPL: 0CVE-2023-32530 – Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32530
17 May 2023 — Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is ... • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32552 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32552
17 May 2023 — An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on ... • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-281: Improper Preservation of Permissions •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32553 – Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32553
17 May 2023 — An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console. The issue result... • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32554 – Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-32554
17 May 2023 — A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Securit... • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •