JVNVU#98367862
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
Overview
Trend Micro Incorporated has released security updates for Trend Micro Apex Central.
Products Affected
- Trend Micro Apex Central 2019 prior to Build 6481
Description
Trend Micro Apex Central is vulnerable to multiple server-side request forgeries.
Trend Micro Incorporated has released Patch 5 (build 6481) for Trend Micro Apex Central.
Impact
Users of the product may interact directly with the internal or local services to which direct access should be restricted, potentially leading to leakage of sensitive information within the system.
For more information, refer to the information provided by the developer.
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released a patch below that contains a fix for this vulnerability.
- Trend Micro Apex Central 2019 Patch5 (build 6481)
Apply the Workaround
Applying the following workaround may mitigate the impact of these vulnerabilities.
- Permit access to the product only from the trusted network
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | SECURITY BULLETIN: July 2023 Security Bulletin for Trend Micro Apex Central |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.