CVE-2023-52330 – Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52330
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-29445 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29445
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities https://www.ptc.com/en/support/article/cs399528 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-29444 – Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
https://notcve.org/view.php?id=CVE-2023-29444
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03 https://www.ptc.com/en/support/article/cs399528 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-52094 – Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52094
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-028 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-52093 – Trend Micro Apex One Exposed Dangerous Function Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-52093
An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-029 • CWE-269: Improper Privilege Management •