CVE-2023-32536
https://notcve.org/view.php?id=CVE-2023-32536
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. • https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32522
https://notcve.org/view.php?id=CVE-2023-32522
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US https://www.tenable.com/security/research/tra-2023-17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-32521
https://notcve.org/view.php?id=CVE-2023-32521
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US https://www.tenable.com/security/research/tra-2023-17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-30902
https://notcve.org/view.php?id=CVE-2023-30902
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. • https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US •
CVE-2023-28929
https://notcve.org/view.php?id=CVE-2023-28929
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. • https://helpcenter.trendmicro.com/en-us/article/tmka-19062 • CWE-427: Uncontrolled Search Path Element •