CVE-2023-32557
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Source: CVE-2023-32557
CVE-2023-32528
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32527.
Source: CVE-2023-32528
CVE-2023-32522
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: CVE-2023-32522
CVE-2023-32521
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
Source: CVE-2023-32521
CVE-2023-32535
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32531 through 32534.
Source: CVE-2023-32535
CVE-2023-32556
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Source: CVE-2023-32556
CVE-2023-32537
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32536.
Source: CVE-2023-32537
CVE-2023-32529
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.
Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32530.
Source: CVE-2023-32529
CVE-2023-32536
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32537.
Source: CVE-2023-32536
CVE-2023-32530
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.
Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32529.
Source: CVE-2023-32530