Published: 2023/11/10  Last Updated: 2023/11/10

JVNVU#98040889
Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Overview

Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.

Products Affected

  • Trend Micro Apex One On Premise (2019)
  • Trend Micro Apex One as a Service

Description

Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.

Impact

  • Privilege escalation due to a link following vulnerability in the product's security agent - CVE-2023-47192
  • Privilege escalation due to origin validation error vulnerabilities in the product's security agent - CVE-2023-47193, CVE-2023-47194, CVE-2023-47195, CVE-2023-47196, CVE-2023-47197, CVE-2023-47198, CVE-2023-47199
  • Privilege escalation due to origin validation error vulnerabilities in the product's plug-in manager - CVE-2023-47200, CVE-2023-47201
  • Privilege escalation due to a local file inclusion vulnerability in the product's management server - CVE-2023-47202

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the patch listed below that contains a fix for these vulnerabilities.

  • Trend Micro Apex One On Premise (2019) SP1 CP 12526
For Trend Micro Apex One as a Service, the issue is fixed in the September 2023 Monthly Patch (202309), Agent Version: 14.0.12737.

Apply the Workaround
Applying the following workaround may mitigate the impact of these vulnerabilities.
  • Restrict access to the product's administration console so that it is reachable only from the trusted network

Vendor Link
Trend Micro Incorporated SECURITY BULLETIN: November 6, 2023 Bulletin for Apex One

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
