CVE-2023-32557Path Traversal in Micro INC Trend Micro Apex ONE

CWE-22Path Traversal3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
5.5%
top 9.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedJun 26
Latest updateJun 27

Description

A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.12105+1
CVEListV5trend_micro_inc/trend_micro_apex_one201914.0.0.12024

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-mmj6-r83c-hq4f: A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary fi2023-06-27
CVEList
CVE-2023-32557: A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary fi2023-06-26
CVE-2023-32557 — Path Traversal | cvebase