CVE-2023-52331

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 7.1

EPSS Низкий

Описание

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Ссылки

https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-052/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-052/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:apex_central:2019:-:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00203

Низкий

7.1 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-jjfr-pq2x-mf69

CVSS3: 7.1

github

около 2 лет назад

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

BDU:2024-00368

CVSS3: 9.1

fstec