The vulnerability of the Plug-in Manager service for Trend Micro’s anti-virus software programs, Apex One and Apex One as a Service, allows attackers to execute arbitrary code and gain increased privileges.

🗓️ 29 May 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Plug-in Manager flaw in Trend Micro Apex One and Apex One service enables code execution via file operations.

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2023-32555	27 Jun 202302:24	–	circl
CNNVD	Trend Micro Apex One 安全漏洞	26 Jun 202300:00	–	cnnvd
CNVD	Unspecified vulnerability in Trend Micro Apex One (CNVD-2023-65416)	29 Jun 202300:00	–	cnvd
CVE	CVE-2023-32555	26 Jun 202321:56	–	cve
Cvelist	CVE-2023-32555	26 Jun 202321:56	–	cvelist
EUVD	EUVD-2023-36799	3 Oct 202520:07	–	euvd
Japan Vulnerability Notes	Security updates for multiple Trend Micro products for enterprises (June 2023)	14 Jun 202305:47	–	jvn
NCSC	Vulnerabilities fixed in Trend Micro Apex One	17 May 202300:00	–	ncsc
NVD	CVE-2023-32555	26 Jun 202322:15	–	nvd
OSV	CVE-2023-32555	26 Jun 202322:15	–	osv

Vulners

Node

trend_micro apex_one_as_a_serviceRange<14.0.12105

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-19102
success	www.success.trendmicro.com/dcx/s/solution/000293108
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB20230516111
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-19102/

29 May 2023 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 26.8

CVSS 37.8

EPSS0.00047

plug-in manager trend micro apex one apex one service file operations code execution privilege escalation