CVE-2023-32552Improper Preservation of Permissions in Micro INC Trend Micro Apex ONE

CWE-281Improper Preservation of Permissions3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 45.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedJun 26
Latest updateJun 27

Description

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.12105+1
CVEListV5trend_micro_inc/trend_micro_apex_one201914.0.0.12024

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-2w2q-8f37-gjwc: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumsta2023-06-27
CVEList
CVE-2023-32552: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumsta2023-06-26
CVE-2023-32552 — Improper Preservation of Permissions | cvebase