Lucene search
HistoryMar 10, 2023 - 9:15 p.m.
CVE-2023-25144
access control
vulnerability
trend micro
apex one
local attacker
elevated privileges
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.0%
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
Affected configurations
Node
trendmicroapex_oneRange<14.0.11960saas
ORtrendmicroapex_oneMatch2019-
microsoftwindowsMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| trendmicro:apex_one | trendmicro apex one | lt | 14.0.11960 |
| trendmicro:apex_one | trendmicro apex one | eq | 2019 |
CNA Affected
[
{
"vendor": "Trend Micro, Inc.",
"product": "Trend Micro Apex One",
"versions": [
{
"version": "2019 (14.0)",
"status": "affected",
"versionType": "semver",
"lessThan": "14.0.0.11564"
}
]
}
]Related
cvelist
cvelist
CVE-2023-25144
2023-03-07 22:19:31
prion
prion
Improper access control
2023-03-10 21:15:00
nvd
nvd
CVE-2023-25144
2023-03-10 21:15:14
zdi
zdi
nessus
nessus
Trend Micro Apex One Multiple Vulnerabilities (000292209)
2023-03-22 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
16.0%
Related for CVE-2023-25144