CVE-2023-32529

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.

Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.

This is similar to, but not identical to CVE-2023-32530.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-652/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-652/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02611

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-55vx-hqgf-25fw

CVSS3: 8.8

github

больше 2 лет назад

Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530.

BDU:2023-02875

CVSS3: 7.2

fstec

больше 3 лет назад

Уязвимость средства мониторинга и управления безопасностью Trend Micro Apex Central, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код