CVE-2023-52324

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

8.8HIGH

EPSS

7.2%

top 8.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Apex Central Trendmicro Apex Central

Timeline

PublishedJan 23

Description

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro,_inc./trend_micro_apex_central2019 — 8.0.0.6570

▶NVDtrendmicro/apex_central2019

🔴Vulnerability Details

GHSA

GHSA-v576-wfmr-x3x7: An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installation↗2024-01-23

▶

CVEList

CVE-2023-52324: An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installation↗2024-01-23

▶