CVE-2023-32525

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 49.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Moibile Security FOR Enterprise Trendmicro Mobile Security

Timeline

PublishedJun 26

Latest updateJun 27

Description

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5trend_micro,_inc./trend_micro_moibile_security_for_enterprise9.8 SP5 — 9.8.3294

▶NVDtrendmicro/mobile_security9.8

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-93cr-637p-8r5m: Trend Micro Mobile Security (Enterprise) 9↗2023-06-27

▶

CVEList

CVE-2023-32525: Trend Micro Mobile Security (Enterprise) 9↗2023-06-26

▶