CVE-2023-32527

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGH

EPSS

4.5%

top 10.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Moibile Security FOR Enterprise Trendmicro Mobile Security

Timeline

PublishedJun 26

Latest updateJun 27

Description

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro,_inc./trend_micro_moibile_security_for_enterprise9.8 SP5 — 9.8.3294

▶NVDtrendmicro/mobile_security9.8

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-wvg2-3xh6-wr4c: Trend Micro Mobile Security (Enterprise) 9↗2023-06-27

▶

CVEList

CVE-2023-32527: Trend Micro Mobile Security (Enterprise) 9↗2023-06-26

▶