CVE-2023-38626
Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is a similar, but not identical vulnerability as CVE-2023-38625.
Una vulnerabilidad de server-side request forgery (SSRF) posterior a la autenticación en Trend Micro Apex Central 2019 (inferior a la compilación 6481) podría permitir a un atacante interactuar directamente con servicios internos o locales. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad. Esta es una vulnerabilidad similar, pero no idéntica, a CVE-2023-38625.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability.
The specific flaw exists within the modVulnerabilityProtect module. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to disclose information in the context of the service account.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-20 CVE Reserved
- 2023-07-26 CVE Published
- 2024-01-31 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-1000 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US | 2024-01-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Apex Central Search vendor "Trendmicro" for product "Apex Central" | 2019 Search vendor "Trendmicro" for product "Apex Central" and version "2019" | windows |
Affected
|