← Back to CVEs
CVE-2023-32557
CRITICAL9.8
Description
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published6/26/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
microsoft:windowstrendmicro:apex_one
Weaknesses (CWE)
CWE-22
References
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US(security@trendmicro.com)
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.