Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-32537 (GCVE-0-2023-32537)
Vulnerability from cvelistv5 – Published: 2023-06-26 21:55 – Updated: 2024-10-21 21:11
VLAI?
EPSS
Summary
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32536.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex Central |
Affected:
2019 (8.0) , < 8.0.0.6394
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:07:05.878826Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:44.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex Central",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "8.0.0.6394",
"status": "affected",
"version": "2019 (8.0)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:55:43.951Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-32537",
"datePublished": "2023-06-26T21:55:43.951Z",
"dateReserved": "2023-05-09T17:30:26.269Z",
"dateUpdated": "2024-10-21T21:11:44.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:18:37.535Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32537\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T21:07:05.878826Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T21:08:37.064Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Apex Central\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019 (8.0)\", \"lessThan\": \"8.0.0.6394\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \\r\\n\\r\\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\\r\\n\\r\\nThis is similar to, but not identical to CVE-2023-32536.\"}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2023-06-26T21:55:43.951Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-32537\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T21:11:44.863Z\", \"dateReserved\": \"2023-05-09T17:30:26.269Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2023-06-26T21:55:43.951Z\", \"assignerShortName\": \"trendmicro\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
JVNDB-2023-002100
Vulnerability from jvndb - Published: 2023-06-14 14:47 - Updated:2024-05-23 15:23
Severity ?
Summary
Security updates for multiple Trend Micro products for enterprises (June 2023)
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"dc:date": "2024-05-23T15:23+09:00",
"dcterms:issued": "2023-06-14T14:47+09:00",
"dcterms:modified": "2024-05-23T15:23+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_central",
"@product": "Apex Central",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:mobile_security",
"@product": "Trend Micro Mobile Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002100",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91852506/",
"@id": "JVNVU#91852506",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/vu/JVNVU93384719/index.html",
"@id": "JVNVU#93384719",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/426.html",
"@id": "CWE-426",
"@title": "Untrusted Search Path(CWE-426)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/269.html",
"@id": "CWE-269",
"@title": "Improper Privilege Management(CWE-269)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Security updates for multiple Trend Micro products for enterprises (June 2023)"
}
GSD-2023-32537
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32536.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-32537",
"id": "GSD-2023-32537"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-32537"
],
"details": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536.",
"id": "GSD-2023-32537",
"modified": "2023-12-13T01:20:23.696054Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-32537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex Central",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2019 (8.0)",
"version_value": "8.0.0.6394"
}
]
}
}
]
},
"vendor_name": "Trend Micro, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-32537"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-06-30T14:37Z",
"publishedDate": "2023-06-26T22:15Z"
}
}
}
CERTFR-2023-AVI-0387
Vulnerability from certfr_avis - Published: 2023-05-17 - Updated: 2023-05-17
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One et Apex Central. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One version 2019 sans le correctif de sécurité SP1 Critical Patch B120 | ||
| Trend Micro | Apex One | Apex Central version 2019 sans le correctif de sécurité Patch 4 (B6394) | ||
| Trend Micro | Apex One | Apex One as a Service versions antérieures à la maintenance d'avril 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One version 2019 sans le correctif de s\u00e9curit\u00e9 SP1 Critical Patch B120",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version 2019 sans le correctif de s\u00e9curit\u00e9 Patch 4 (B6394)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service versions ant\u00e9rieures \u00e0 la maintenance d\u0027avril 2023",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32537"
},
{
"name": "CVE-2023-32553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32553"
},
{
"name": "CVE-2023-32557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32557"
},
{
"name": "CVE-2023-32535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32535"
},
{
"name": "CVE-2023-32536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32536"
},
{
"name": "CVE-2023-32554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32554"
},
{
"name": "CVE-2023-32556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32556"
},
{
"name": "CVE-2023-30902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30902"
},
{
"name": "CVE-2023-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32529"
},
{
"name": "CVE-2023-32555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32555"
},
{
"name": "CVE-2023-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32605"
},
{
"name": "CVE-2023-32552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32552"
},
{
"name": "CVE-2023-32531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32531"
},
{
"name": "CVE-2023-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32530"
},
{
"name": "CVE-2023-32604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32604"
}
],
"initial_release_date": "2023-05-17T00:00:00",
"last_revision_date": "2023-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex One\net Apex Central. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One et Apex Central",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293107 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293108 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
GHSA-M3H2-RHCX-2F6X
Vulnerability from github – Published: 2023-06-27 00:30 – Updated: 2024-04-04 05:11
VLAI?
Details
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32536.
Severity ?
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-32537"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-26T22:15:10Z",
"severity": "MODERATE"
},
"details": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \n\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\n\nThis is similar to, but not identical to CVE-2023-32536.",
"id": "GHSA-m3h2-rhcx-2f6x",
"modified": "2024-04-04T05:11:24Z",
"published": "2023-06-27T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
CNVD-2023-57668
Vulnerability from cnvd - Published: 2023-07-20
VLAI Severity ?
Title
Trend Micro Apex Central跨站脚本漏洞(CNVD-2023-57668)
Description
Trend Micro Apex Central是美国趋势科技(Trend Micro)公司的一个基于Web的控制台。
Trend Micro Apex Central存在跨站脚本漏洞,攻击者可利用该漏洞注入恶意脚本或HTML代码。
Severity
中
Patch Name
Trend Micro Apex Central跨站脚本漏洞(CNVD-2023-57668)的补丁
Patch Description
Trend Micro Apex Central是美国趋势科技(Trend Micro)公司的一个基于Web的控制台。
Trend Micro Apex Central存在跨站脚本漏洞,攻击者可利用该漏洞注入恶意脚本或HTML代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Reference
https://success.trendmicro.com/solution/000293107
Impacted products
| Name | Trend Micro Apex Central 2019 (On-prem) |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-32537",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537"
}
},
"description": "Trend Micro Apex Central\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u63a7\u5236\u53f0\u3002\n\nTrend Micro Apex Central\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-57668",
"openTime": "2023-07-20",
"patchDescription": "Trend Micro Apex Central\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8eWeb\u7684\u63a7\u5236\u53f0\u3002\r\n\r\nTrend Micro Apex Central\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Trend Micro Apex Central\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-57668\uff09\u7684\u8865\u4e01",
"products": {
"product": "Trend Micro Apex Central 2019 (On-prem)"
},
"referenceLink": "https://success.trendmicro.com/solution/000293107",
"serverity": "\u4e2d",
"submitTime": "2023-05-29",
"title": "Trend Micro Apex Central\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-57668\uff09"
}
CVE-2023-32537
Vulnerability from fstec - Published: 16.05.2023
VLAI Severity ?
Title
Уязвимость средства мониторинга и управления безопасностью Trend Micro Apex Central, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга
Description
Уязвимость средства мониторинга и управления безопасностью Trend Micro Apex Central существует из-за непринятия мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести атаку межсайтового скриптинга
Severity ?
Vendor
Trend Micro
Software Name
Trend Micro Apex Central
Software Version
2019 (Trend Micro Apex Central)
Possible Mitigations
Использование рекомендаций:
https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Reference
https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
https://github.com/advisories/GHSA-m3h2-rhcx-2f6x
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Trend Micro",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2019 (Trend Micro Apex Central)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://success.trendmicro.com/dcx/s/solution/000293107?language=en_US",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.12.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08440",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-32537",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Trend Micro Apex Central",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e Trend Micro Apex Central, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e Trend Micro Apex Central \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US\nhttps://github.com/advisories/GHSA-m3h2-rhcx-2f6x",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,1)"
}
FKIE_CVE-2023-32537
Vulnerability from fkie_nvd - Published: 2023-06-26 22:15 - Updated: 2025-12-22 13:53
Severity ?
Summary
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.
Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32536.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_central | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "F1A4CE49-201A-4A47-A760-6463C454A6AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. \r\n\r\nPlease note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.\r\n\r\nThis is similar to, but not identical to CVE-2023-32536."
}
],
"id": "CVE-2023-32537",
"lastModified": "2025-12-22T13:53:51.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-26T22:15:10.713",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…