CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41178 – Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41178
23 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41176 – Trend Micro Mobile Security for Enterprises DevicesManagementEditNotePopupTip Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-41176
19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41177 – Trend Micro Mobile Security for Enterprises ServerUpdate_UpdateSuccessful Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-41177
19 Jan 2024 — Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. Las vulnerabilidades de cross-site scripting (XSS) reflejado en Trend Micro Mobile Security (Enterprise) podrían permitir una explotación contra una víctima autenticada que visita un enlace malicioso proporcionado por un ... • https://success.trendmicro.com/dcx/s/solution/000294695?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35695
https://notcve.org/view.php?id=CVE-2023-35695
26 Jun 2023 — A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 1CVE-2023-32522
https://notcve.org/view.php?id=CVE-2023-32522
26 Jun 2023 — A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.4EPSS: 26%CPEs: 1EXPL: 1CVE-2023-32521
https://notcve.org/view.php?id=CVE-2023-32521
26 Jun 2023 — A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2023-32523 – Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-32523
12 May 2023 — Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2023-32524 – Trend Micro Mobile Security for Enterprises widgetforsecurity WFUser Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-32524
12 May 2023 — Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32525 – Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-32525
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526. This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterpris... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32526 – Trend Micro Mobile Security for Enterprises widgetforsecurity set_certificates_config Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-32526
12 May 2023 — Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterpris... • https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US • CWE-434: Unrestricted Upload of File with Dangerous Type •