CVE-2023-25143Uncontrolled Search Path Element in Micro INC Trend Micro Apex ONE

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.5%
top 12.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedMar 10

Description

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.11960+1
CVEListV5trend_micro_inc/trend_micro_apex_one2019 (14.0)14.0.0.11564

🔴Vulnerability Details

2
GHSA
GHSA-67qx-3xvh-c7xv: An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execut2023-03-10
CVEList
CVE-2023-25143: An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execut2023-03-07
CVE-2023-25143 — Uncontrolled Search Path Element | cvebase