Trendmicro Apex Central vulnerabilities

CVE-2023-52329 [MEDIUM] CVE-2023-52329: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326.

CVE-2023-38627 [MEDIUM] CVE-2023-38627: A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 20 A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This

CVE-2023-32529 [HIGH] CWE-89 CVE-2023-32529: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allo Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical t

CVE-2023-32530 [HIGH] CVE-2023-32530: Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allo Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2

CVE-2023-32535 [MEDIUM] CVE-2023-32535: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534.

CVE-2023-32533 [MEDIUM] CVE-2023-32533: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

CVE-2023-32534 [MEDIUM] CVE-2023-32534: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

CVE-2023-32537 [MEDIUM] CVE-2023-32537: Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated re Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but n

CVE-2023-32532 [MEDIUM] CVE-2023-32532: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

CVE-2023-32536 [MEDIUM] CWE-79 CVE-2023-32536: Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated re Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to

CVE-2023-32604 [MEDIUM] CWE-79 CVE-2023-32604: Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated re Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to

CVE-2023-32531 [MEDIUM] CWE-79 CVE-2023-32531: Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scri Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535.

CVE-2023-32605 [MEDIUM] CVE-2023-32605: Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated re Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but n

CVE-2022-26871 [CRITICAL] CWE-345 CVE-2022-26871: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated re An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

CVE-2021-25252 [MEDIUM] CWE-400 CVE-2021-25252: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a me Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.