Lucene search

[email protected]NVD:CVE-2023-52325

HistoryJan 23, 2024 - 9:15 p.m.

CVE-2023-52325

2024-01-2321:15:09

CWE-98

[email protected]

web.nvd.nist.gov

vulnerability

remote attacker

execute

arbitrary code

exploit

credentials

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.3%

JSON

A local file inclusion vulnerability in one of Trend Micro Apex Central’s widgets could allow a remote attacker to execute arbitrary code on affected installations.

Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.

Affected configurations

Nvd

Node

trendmicroapex_centralMatch2019-windows

VendorProductVersionCPE
trendmicroapex_central2019cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:windows:*:*

Vendor	Product	Version	CPE
trendmicro	apex_central	2019	cpe:2.3:a:trendmicro:apex_central:2019:-::::windows::*

References

success.trendmicro.com/dcx/s/solution/000296153?language=en_US

www.zerodayinitiative.com/advisories/ZDI-24-024/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.3%

JSON

Related for NVD:CVE-2023-52325

cvelist1 zdi1 cve1 cnvd1 vulnrichment1 prion1