CVE-2023-32553

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.

This is similar to, but not identical to CVE-2023-32552.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-653/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-653/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*

Версия до 14.0.12105 (исключая)

cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00245

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-346

Связанные уязвимости

GHSA-gj96-qww7-fqc5

CVSS3: 5.3

github

больше 2 лет назад

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552.

BDU:2023-02865

CVSS3: 6.5

fstec

больше 3 лет назад

Уязвимость веб-консоли антивирусных программных средств Trend Micro Apex One и Apex One as a Service, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации