Show filters
493 Total Results
Displaying 21-30 of 493
Sort by:
Attacker Value
Unknown
CVE-2023-52338
Disclosure Date: January 23, 2024 (last updated February 01, 2024)
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
0
Attacker Value
Unknown
CVE-2023-52337
Disclosure Date: January 23, 2024 (last updated February 01, 2024)
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
0
Attacker Value
Unknown
CVE-2023-52331
Disclosure Date: January 23, 2024 (last updated January 31, 2024)
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
0
Attacker Value
Unknown
CVE-2023-52330
Disclosure Date: January 23, 2024 (last updated January 30, 2024)
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central.
Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
0
Attacker Value
Unknown
CVE-2023-52329
Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52326.
0
Attacker Value
Unknown
CVE-2023-52328
Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52329.
0
Attacker Value
Unknown
CVE-2023-52327
Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52328.
0
Attacker Value
Unknown
CVE-2023-52326
Disclosure Date: January 23, 2024 (last updated January 30, 2024)
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52327.
0
Attacker Value
Unknown
CVE-2023-52325
Disclosure Date: January 23, 2024 (last updated January 31, 2024)
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations.
Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.
0
Attacker Value
Unknown
CVE-2023-52324
Disclosure Date: January 23, 2024 (last updated January 31, 2024)
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations.
Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.
0