CVE-2023-25147: Uncontrolled Search Path Element in Micro INC Trend Micro Apex ONE

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.1% (top 79.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 10
Latest update: Oct 15

Description

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: trendmicro/apex_one < 14.0.11960 +1
CVEListV5: trend_micro_inc/trend_micro_apex_one 2019 (14.0) 14.0.0.11564

🔴 Vulnerability Details (2)

GHSA
GHSA-x6x2-74g9-vjcw: An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the pro (2023-03-10)
CVEList
CVE-2023-25147: An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the pro (2023-03-07)

📋 Vendor Advisories (2)

Oracle
Oracle Oracle Communications Risk Matrix: Platform (Apache Portable Runtime Utility) — CVE-2022-25147 (2023-10-15)
Oracle
Oracle Oracle Communications Risk Matrix: Virtual Network Function Manager (Apache Portable Runtime Utility) — CVE-2022-25147 (2023-07-15)