CVE-2023-52325

CWE-983 documents3 sources

Severity

7.5HIGH

EPSS

3.1%

top 13.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Apex Central Trendmicro Apex Central

Timeline

PublishedJan 23

Description

A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro,_inc./trend_micro_apex_central2019 — 8.0.0.6570

▶NVDtrendmicro/apex_central2019

🔴Vulnerability Details

GHSA

GHSA-6pp8-37pj-mhcc: A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected↗2024-01-23

▶

CVEList

CVE-2023-52325: A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected↗2024-01-23

▶