CVE-2023-32553 — Origin Validation Error in Micro INC Trend Micro Apex ONE

CWE-346 — Origin Validation Error3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 46.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Apex ONE Trendmicro Apex ONE

Timeline

PublishedJun 26

Latest updateJun 27

Description

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDtrendmicro/apex_one< 14.0.12105+1

▶CVEListV5trend_micro_inc/trend_micro_apex_one2019 — 14.0.0.12024

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-gj96-qww7-fqc5: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumsta↗2023-06-27

▶

CVEList

CVE-2023-32553: An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumsta↗2023-06-26

▶