CVE-2023-38626

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is a similar, but not identical vulnerability as CVE-2023-38625.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1000/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1000/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00148

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-5prg-h6vm-wxcf

CVSS3: 5.4

github

около 2 лет назад

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625.

BDU:2023-04697

CVSS3: 9.1

fstec

больше 2 лет назад

Уязвимость модуля modVulnerabilityProtect виджетов панели мониторинга средства мониторинга и управления безопасностью Trend Micro Apex Central, позволяющая нарушителю осуществить SSRF-атаку