CVE-2023-32537

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues.

Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability.

This is similar to, but not identical to CVE-2023-32536.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Patch
Vendor Advisory
https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00385

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-m3h2-rhcx-2f6x

CVSS3: 5.4

github

больше 2 лет назад

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536.

BDU:2023-08440

CVSS3: 4.1

fstec