A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47200.
[
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:*"
],
"vendor": "trendmicro",
"product": "apex_one",
"versions": [
{
"status": "affected",
"version": "14.0",
"lessThan": "14.0.0.12526",
"versionType": "custom"
}
],
"defaultStatus": "affected"
},
{
"cpes": [
"cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*"
],
"vendor": "trendmicro",
"product": "apex_one",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "14.0.12737",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
]