Published:2024/02/21 Last Updated:2024/02/21
JVNVU#96033712
Multiple vulnerabilities in Trend Micro Apex Central
Overview
Trend Micro Incorporated has released security updates for Trend Micro Apex Central.
Products Affected
- Apex Central 2019 (On-prem) prior to Build 6570
Description
Trend Micro Incorporated has released security updates for Trend Micro Apex Central.
Impact
- Unrestricted uploading of arbitrary files - CVE-2023-52324
- Arbitrary code execution due to a local file inclusion - CVE-2023-52325
- Arbitrary code execution due to cross-site scripting - CVE-2023-52326, CVE-2023-52327, CVE-2023-52328, CVE-2023-52329
- Privilege escalation due to cross-site scripting - CVE-2023-52330
- Information disclosure due to server-side request forgery - CVE-2023-52331
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
Apply the Workaround
Applying the following workaround may mitigate the impacts of these vulnerabilities.
- Permit access to the product only from the trusted network
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | SECURITY BULLETIN: January 9, 2024 Security Bulletin for Trend Micro Apex Central |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.