35 matches found
CVE-2022-26871
Trend Micro Apex Central (on-prem and service) contains an unauthenticated arbitrary file upload vulnerability (CVE-2022-26871) that can lead to remote code execution. Public sources consistently describe a vulnerability in Apex Central’s file-upload handling (improper checks for file contents) t...
CVE-2023-32604
CVE-2023-32604 affects Trend Micro Apex Central (on-premise). The vulnerability is an authenticated, reflected cross-site scripting (XSS) issue caused by insufficient input validation and sanitization. An attacker must first authenticate to the Apex Central system to exploit the vulnerability. Th...
CVE-2023-32537
CVE-2023-32537 affects Trend Micro Apex Central (on-premise) with an authenticated reflected XSS vulnerability caused by insufficient input validation/sanitization. The issue concerns user-controlled input that can be reflected in responses after authentication, enabling an attacker who already h...
CVE-2023-32534
CVE-2023-32534 affects Trend Micro Apex Central (on-premises) dashboard widgets. The initial entry states they are vulnerable to cross-site scripting (XSS) that may allow remote code execution on affected servers, and notes this entry is related to CVE-2023-32531 through 32535. The provided metri...
CVE-2023-38624
CVE-2023-38624 describes a post-authenticated SSRF in Trend Micro Apex Central 2019 (builds lower than 6481). The vulnerability allows an attacker who can execute low-privilege code to interact with internal or local services directly. The description notes this is similar to CVE-2023-38625 throu...
CVE-2023-32535
Technical details for CVE-2023-32535 are not publicly available in the provided documents. Monitor for updates.
CVE-2023-32536
CVE-2023-32536 (and related CVE-2023-32537) affect Trend Micro Apex Central (on‑premise). The issue is authenticated reflected XSS caused by insufficient input validation/sanitization. An attacker must already have valid Apex Central authentication to exploit it. CVSS 3.1 base score 5.4 (Privileg...
CVE-2021-25252
CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2023-52324
CVE-2023-52324 affects Trend Micro Apex Central and describes an unrestricted file upload vulnerability that enables a remote attacker to create arbitrary files on affected installations. The core issue involves improper validation during file uploads (notably ZIP handling per ZDI advisory), allo...
CVE-2023-38626
CVE-2023-38626 (Trend Micro Apex Central 2019, build
CVE-2023-32605
Trend Micro Apex Central (on-premise) is affected by CVE-2023-32605, which describes an authenticated reflected cross-site scripting (XSS) vulnerability caused by user input validation and sanitization issues. An attacker must first authenticate to the Apex Central system to exploit this vulnerab...
CVE-2023-52329
CVE-2023-52329 affects the on‑premise Trend Micro Apex Central product. The issue concerns vulnerable dashboard widgets that permit cross‑site scripting (XSS), with the potential consequence described as remote code execution on affected servers. The vulnerability is noted as similar to CVE‑2023‑...
CVE-2023-52328
CVE-2023-52328 concerns Trend Micro Apex Central (on-premise) where certain dashboard widgets are vulnerable to cross-site scripting (XSS). The root cause and exact affected versions are not detailed in the provided documents; the descriptions only state an XSS flaw that may allow an attacker to ...
CVE-2023-32533
CVE-2023-32533 affects Trend Micro Apex Central (on-premise): certain dashboard widgets are vulnerable to cross-site scripting (XSS) that may allow an attacker to achieve remote code execution on affected servers. The provided documents do not specify the exact vulnerable components, root cause, ...
CVE-2023-52326
CVE-2023-52326 affects Trend Micro Apex Central (on-premise) dashboard widgets and is described as a cross-site scripting (XSS) vulnerability that may allow an attacker to achieve remote code execution on affected servers. Connected sources confirm the issue relates to on-premise components in th...
CVE-2023-52325
Trend Micro Apex Central is affected by a widget local file inclusion vulnerability that can lead to remote code execution. The underlying issue is inadequate validation of user-supplied data before it is used in a PHP include, specifically in the getObjWGFServiceApiByApiName function. Exploitat...
CVE-2023-38625
CVE-2023-38625 represents a post-authenticated SSRF in Trend Micro Apex Central 2019 (builds older than 6481). The vulnerability allows an attacker who has gained low-privilege code execution to interact with internal or local services directly. The files/endpoint or component implicated are not ...
CVE-2023-52331
The CVE-2023-52331 issue is a post-authenticated SSRF vulnerability in Trend Micro Apex Central. Affected software/function: Apex Central; attacker must first execute low-privilege code on the target. Impact: can interact with internal or local services directly; potential information disclosure ...
CVE-2023-52327
Technical details for CVE-2023-52327 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories to obtain affected products, impact, and remediation.
CVE-2023-32532
CVE-2023-32532 describes a vulnerability in Trend Micro Apex Central (on-premise) where certain dashboard widgets are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. The initial description provides the affected pro...
CVE-2023-32531
CVE-2023-32531 affects Trend Micro Apex Central (on-premise) dashboard widgets vulnerable to cross-site scripting (XSS) that may allow an attacker to achieve remote code execution on affected servers. Root cause identified as an XSS flaw in specific widgets; impact is remote code execution per th...
CVE-2023-38627
Trend Micro Apex Central 2019 (builds lower than 6481) is affected by a post-authenticated SSRF. An attacker who can run low-privilege code can interact with internal or local services directly. The description notes no requirement for user interaction, and CVSS data rates this as Medium with lim...
CVE-2023-32529
CVE-2023-32529 concerns Trend Micro Apex Central (on-premise) with vulnerable modules that allow authenticated users to perform a SQL injection leading to remote code execution. The description confirms an authenticated-prerequisite attack and notes similarity to CVE-2023-32530. Connected sources...
CVE-2023-32530
Technical details for CVE-2023-32530 are not publicly available in the provided documents. Information about affected products, versions, impact, or fixes is not present here. Monitor for updates from vendors and security advisories.
CVE-2025-49219
CVE-2025-49219 describes an insecure deserialization in Trend Micro Apex Central, affecting versions below 8.0.7007 and leading to pre-authentication remote code execution. The vulnerability type and impact are stated in public CVE entries (pre-auth RCE; high impact). Connected documents corrobor...
CVE-2025-49220
Trend Micro Apex Central is affected by CVE-2025-49220 due to an insecure deserialization vulnerability in versions below 8.0.7007. The issue allows pre-authentication remote code execution on affected installations and is noted to be in a different method from CVE-2025-49219. The CVSSv3 data ind...
CVE-2025-30678
Trend Micro Apex Central (on-premise) modTMSM is affected by CVE-2025-30678, a Server-side Request Forgery (SSRF) that allows an attacker to manipulate certain parameters and cause information disclosure. The issue stems from insufficient validation in the modTMSM component, enabling potential le...
CVE-2025-30679
Trend Micro Apex Central on‑premise modOSCE component is affected by a Server‑side Request Forgery (SSRF) that can be triggered by manipulating certain parameters to disclose information. The sources consistently describe information disclosure as the impact; no specific exploit details or CVSS a...
CVE-2025-47866
The CVE-2025-47866 vulnerability is in Trend Micro Apex Central, specifically the modTMCM widget, and affects installations running versions prior to 8.0.6955. The issue stems from insufficient validation in the modTMCM webapp widget, enabling an attacker to upload arbitrary files to affected sys...
CVE-2025-69258
Trend Micro Apex Central is affected by CVE-2025-69258 (LoadLibraryEX). The vulnerability allows an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to code execution under the SYSTEM context on affected installations. Current public details indica...
CVE-2025-47865
CVE-2025-47865: A Local File Inclusion vulnerability affects Trend Micro Apex Central widget in versions below 8.0.6955. The flaw exists in the getObjWGFServiceApiByApiName function and can lead to remote code execution on affected installations. Exploitation details in public disclosures indica...
CVE-2025-47867
CVE-2025-47867 concerns a Local File Inclusion in Trend Micro Apex Central widget for versions
CVE-2025-30680
CVE-2025-30680 is an SSRF vulnerability in Trend Micro Apex Central SaaS that could lead to information disclosure by manipulating certain parameters. Affected product is Apex Central SaaS; CVSSv3.1 base score 7.1 (HIGH) with NETWORK attack vector, low attack complexity, low privileges, no user i...
CVE-2025-69259
Trend Micro Apex Central is affected by CVE-2025-69259, a remote-unauthenticated vulnerability characterized as a message unchecked NULL return value that can cause a denial-of-service. Connected sources (JVNDB, RH, NCSC, CNNVD) confirm a multi-vulnerability context for Trend Micro Apex Central a...
CVE-2025-69260
CVE-2025-69260 is a Trend Micro Apex Central vulnerability described in connected sources as a message out-of-bounds read that can allow an unauthenticated remote attacker to cause a denial-of-service. The issue is discussed across multiple feeds (NVD, JVNDB, RH Red Hat, ENISA/NNCS, CNNVD, and Ne...