CVE-2023-32529 — SQL Injection in Micro INC Trend Micro Apex Central

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

3.4%

top 12.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Apex Central Trendmicro Apex Central

Timeline

PublishedJun 26

Latest updateJun 27

Description

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro_inc/trend_micro_apex_central2019 (8.0) — 8.0.0.6394

▶NVDtrendmicro/apex_central2019

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-55vx-hqgf-25fw: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection t↗2023-06-27

▶

CVEList

CVE-2023-32529: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection t↗2023-06-26

▶