
CVE-2023-52324 – Trend Micro Apex Central Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-52324
19 Jan 2024 — An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2023-52329 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52329
18 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-52326 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52326
16 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-52327 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52327
16 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-52328 – Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52328
16 Jan 2024 — Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-52331 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52331
11 Jan 2024 — A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2023-52325 – Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-52325
10 Jan 2024 — A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2023-38624 – Trend Micro Apex Central modTMSL Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2023-38624
26 Jul 2023 — A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2023-38625 – Trend Micro Apex Central modDeepSecurity Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38625
26 Jul 2023 — A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2023-38626 – Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-38626
26 Jul 2023 — A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625. • https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US • CWE-918: Server-Side Request Forgery (SSRF)