Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-30902 (GCVE-0-2023-30902)
Vulnerability from cvelistv5
Published
2023-06-26 21:52
Modified
2024-12-05 14:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:47:47.871075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:48:28.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Apex One",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "14.0.0.12024",
"status": "affected",
"version": "2019",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:52:39.860Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-30902",
"datePublished": "2023-06-26T21:52:39.860Z",
"dateReserved": "2023-04-20T16:13:07.652Z",
"dateUpdated": "2024-12-05T14:48:28.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-30902\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2023-06-26T22:15:09.793\",\"lastModified\":\"2024-12-05T15:15:06.587\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*\",\"versionEndExcluding\":\"14.0.12105\",\"matchCriteriaId\":\"2BEB6165-97A6-4EE9-B7D8-66D62469AE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF019D2D-C426-4D2D-A254-442CE777B41E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:37:15.498Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-30902\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-05T14:47:47.871075Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-05T14:48:18.294Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Apex One\", \"versions\": [{\"status\": \"affected\", \"version\": \"2019\", \"lessThan\": \"14.0.0.12024\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.\"}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2023-06-26T21:52:39.860Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-30902\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-05T14:48:28.726Z\", \"dateReserved\": \"2023-04-20T16:13:07.652Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2023-06-26T21:52:39.860Z\", \"assignerShortName\": \"trendmicro\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2023-30902
Vulnerability from jvndb
Published
2023-06-14 14:47
Modified
2024-05-23 15:23
Severity ?
Summary
Security updates for multiple Trend Micro products for enterprises (June 2023)
Details
Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"dc:date": "2024-05-23T15:23+09:00",
"dcterms:issued": "2023-06-14T14:47+09:00",
"dcterms:modified": "2024-05-23T15:23+09:00",
"description": "Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002100.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:apex_central",
"@product": "Apex Central",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:apex_one",
"@product": "Apex One",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:mobile_security",
"@product": "Trend Micro Mobile Security",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002100",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91852506/",
"@id": "JVNVU#91852506",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/vu/JVNVU93384719/index.html",
"@id": "JVNVU#93384719",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902",
"@id": "CVE-2023-30902",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32521",
"@id": "CVE-2023-32521",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32522",
"@id": "CVE-2023-32522",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32523",
"@id": "CVE-2023-32523",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32524",
"@id": "CVE-2023-32524",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32525",
"@id": "CVE-2023-32525",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32526",
"@id": "CVE-2023-32526",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32527",
"@id": "CVE-2023-32527",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32528",
"@id": "CVE-2023-32528",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32552",
"@id": "CVE-2023-32552",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32553",
"@id": "CVE-2023-32553",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32554",
"@id": "CVE-2023-32554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32555",
"@id": "CVE-2023-32555",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32556",
"@id": "CVE-2023-32556",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32557",
"@id": "CVE-2023-32557",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34144",
"@id": "CVE-2023-34144",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34145",
"@id": "CVE-2023-34145",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34146",
"@id": "CVE-2023-34146",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34147",
"@id": "CVE-2023-34147",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32529",
"@id": "CVE-2023-32529",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32530",
"@id": "CVE-2023-32530",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32531",
"@id": "CVE-2023-32531",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32532",
"@id": "CVE-2023-32532",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32533",
"@id": "CVE-2023-32533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32534",
"@id": "CVE-2023-32534",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32535",
"@id": "CVE-2023-32535",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32536",
"@id": "CVE-2023-32536",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32537",
"@id": "CVE-2023-32537",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32604",
"@id": "CVE-2023-32604",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32605",
"@id": "CVE-2023-32605",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-34148",
"@id": "CVE-2023-34148",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/426.html",
"@id": "CWE-426",
"@title": "Untrusted Search Path(CWE-426)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/269.html",
"@id": "CWE-269",
"@title": "Improper Privilege Management(CWE-269)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Security updates for multiple Trend Micro products for enterprises (June 2023)"
}
WID-SEC-W-2023-1090
Vulnerability from csaf_certbund
Published
2023-04-26 22:00
Modified
2023-04-26 22:00
Summary
Trend Micro Maximum Security: Schwachstelle ermöglicht Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Trend Micro Maximum Security ist eine Desktop Security Suite.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Maximum Security ausnutzen, um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Maximum Security ist eine Desktop Security Suite.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Maximum Security ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1090 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1090.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1090 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1090"
},
{
"category": "external",
"summary": "Trend Micros Security Advisory vom 2023-04-26",
"url": "http://helpcenter.trendmicro.com/en-us/article/TMKA-19659"
}
],
"source_lang": "en-US",
"title": "Trend Micro Maximum Security: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2023-04-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:04.176+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1090",
"initial_release_date": "2023-04-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trend Micro Maximum Security 17.7",
"product": {
"name": "Trend Micro Maximum Security 17.7",
"product_id": "T027535",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:maximum_security:17.7"
}
}
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30902",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Trend Micro Maximum Security. Der Fehler besteht, weil die Anwendung Sicherheitseinschr\u00e4nkungen nicht ordnungsgem\u00e4\u00df durchf\u00fchrt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern und unbeabsichtigt privilegierte Trend Micro-Registrierungsschl\u00fcssel einschlie\u00dflich der eigenen gesch\u00fctzten Registrierungsschl\u00fcssel zu l\u00f6schen."
}
],
"release_date": "2023-04-26T22:00:00.000+00:00",
"title": "CVE-2023-30902"
}
]
}
wid-sec-w-2023-1225
Vulnerability from csaf_certbund
Published
2023-05-16 22:00
Modified
2023-05-16 22:00
Summary
Trend Micro Apex One: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Trend Micro Apex One ist eine Endpoint-Security Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Apex One ist eine Endpoint-Security L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1225 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1225.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1225 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1225"
},
{
"category": "external",
"summary": "TrendMicro Security Advisory vom 2023-05-16",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"source_lang": "en-US",
"title": "Trend Micro Apex One: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:56.260+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1225",
"initial_release_date": "2023-05-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product": {
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product_id": "T027747",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:sp1_critical_patch_b12024"
}
}
},
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product": {
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product_id": "T027748",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:april_2023_maintenance_hotfix_-_build_202304_security_agent_version_14.0.12105"
}
}
}
],
"category": "product_name",
"name": "Apex One"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32557",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32557"
},
{
"cve": "CVE-2023-32556",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32556"
},
{
"cve": "CVE-2023-32555",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32555"
},
{
"cve": "CVE-2023-32554",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32554"
},
{
"cve": "CVE-2023-32553",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32553"
},
{
"cve": "CVE-2023-32552",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32552"
},
{
"cve": "CVE-2023-30902",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30902"
}
]
}
WID-SEC-W-2023-1225
Vulnerability from csaf_certbund
Published
2023-05-16 22:00
Modified
2023-05-16 22:00
Summary
Trend Micro Apex One: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Trend Micro Apex One ist eine Endpoint-Security Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausführen, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Apex One ist eine Endpoint-Security L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Trend Micro Apex One ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Dateien manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1225 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1225.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1225 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1225"
},
{
"category": "external",
"summary": "TrendMicro Security Advisory vom 2023-05-16",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"source_lang": "en-US",
"title": "Trend Micro Apex One: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:56.260+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1225",
"initial_release_date": "2023-05-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product": {
"name": "Trend Micro Apex One \u003c SP1 Critical Patch B12024",
"product_id": "T027747",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:sp1_critical_patch_b12024"
}
}
},
{
"category": "product_name",
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product": {
"name": "Trend Micro Apex One \u003c April 2023 Maintenance Hotfix - Build 202304 Security Agent version: 14.0.12105",
"product_id": "T027748",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:apex_one:april_2023_maintenance_hotfix_-_build_202304_security_agent_version_14.0.12105"
}
}
}
],
"category": "product_name",
"name": "Apex One"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32557",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32557"
},
{
"cve": "CVE-2023-32556",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32556"
},
{
"cve": "CVE-2023-32555",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32555"
},
{
"cve": "CVE-2023-32554",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32554"
},
{
"cve": "CVE-2023-32553",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32553"
},
{
"cve": "CVE-2023-32552",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-32552"
},
{
"cve": "CVE-2023-30902",
"notes": [
{
"category": "description",
"text": "In Trend Micro Apex One existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten ausf\u00fchren, seine Privilegien erweitern, Informationen offenlegen oder Daten manipulieren."
}
],
"release_date": "2023-05-16T22:00:00.000+00:00",
"title": "CVE-2023-30902"
}
]
}
wid-sec-w-2023-1090
Vulnerability from csaf_certbund
Published
2023-04-26 22:00
Modified
2023-04-26 22:00
Summary
Trend Micro Maximum Security: Schwachstelle ermöglicht Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Trend Micro Maximum Security ist eine Desktop Security Suite.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Maximum Security ausnutzen, um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- Windows
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Trend Micro Maximum Security ist eine Desktop Security Suite.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Trend Micro Maximum Security ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1090 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1090.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1090 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1090"
},
{
"category": "external",
"summary": "Trend Micros Security Advisory vom 2023-04-26",
"url": "http://helpcenter.trendmicro.com/en-us/article/TMKA-19659"
}
],
"source_lang": "en-US",
"title": "Trend Micro Maximum Security: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2023-04-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:04.176+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1090",
"initial_release_date": "2023-04-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-04-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Trend Micro Maximum Security 17.7",
"product": {
"name": "Trend Micro Maximum Security 17.7",
"product_id": "T027535",
"product_identification_helper": {
"cpe": "cpe:/a:trendmicro:maximum_security:17.7"
}
}
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-30902",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Trend Micro Maximum Security. Der Fehler besteht, weil die Anwendung Sicherheitseinschr\u00e4nkungen nicht ordnungsgem\u00e4\u00df durchf\u00fchrt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern und unbeabsichtigt privilegierte Trend Micro-Registrierungsschl\u00fcssel einschlie\u00dflich der eigenen gesch\u00fctzten Registrierungsschl\u00fcssel zu l\u00f6schen."
}
],
"release_date": "2023-04-26T22:00:00.000+00:00",
"title": "CVE-2023-30902"
}
]
}
ghsa-698x-9q5v-3fpq
Vulnerability from github
Published
2023-06-27 00:30
Modified
2024-04-04 05:10
Severity ?
VLAI Severity ?
Details
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
{
"affected": [],
"aliases": [
"CVE-2023-30902"
],
"database_specific": {
"cwe_ids": [
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-26T22:15:09Z",
"severity": "MODERATE"
},
"details": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.",
"id": "GHSA-698x-9q5v-3fpq",
"modified": "2024-04-04T05:10:59Z",
"published": "2023-06-27T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2023-30902
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-30902",
"id": "GSD-2023-30902"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-30902"
],
"details": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.",
"id": "GSD-2023-30902",
"modified": "2023-12-13T01:20:52.164985Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-30902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Apex One",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2019",
"version_value": "14.0.0.12024"
}
]
}
}
]
},
"vendor_name": "Trend Micro, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.12105",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2023-30902"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-06-30T14:15Z",
"publishedDate": "2023-06-26T22:15Z"
}
}
}
cnvd-2023-65424
Vulnerability from cnvd
Title
Trend Micro Apex One权限提升漏洞(CNVD-2023-65424)
Description
Trend Micro Apex One是美国趋势科技(Trend Micro)公司的一款终端防护软件。
Trend Micro Apex One存在权限提升漏洞,攻击者可利用该漏洞删除注册表。
Severity
中
VLAI Severity ?
Patch Name
Trend Micro Apex One权限提升漏洞(CNVD-2023-65424)的补丁
Patch Description
Trend Micro Apex One是美国趋势科技(Trend Micro)公司的一款终端防护软件。
Trend Micro Apex One存在权限提升漏洞,攻击者可利用该漏洞删除注册表。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Reference
https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US
Impacted products
| Name | ['Trend Micro Trend Micro Apex One 2019 (on-prem)', 'Trend Micro Apex One as a Service <14.0.12105'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-30902",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-30902"
}
},
"description": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\n\nTrend Micro Apex One\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u6ce8\u518c\u8868\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-65424",
"openTime": "2023-08-28",
"patchDescription": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Apex One\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u6ce8\u518c\u8868\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Trend Micro Apex One\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2023-65424\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Trend Micro Trend Micro Apex One 2019 (on-prem)",
"Trend Micro Apex One as a Service \u003c14.0.12105"
]
},
"referenceLink": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US",
"serverity": "\u4e2d",
"submitTime": "2023-06-29",
"title": "Trend Micro Apex One\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2023-65424\uff09"
}
CERTFR-2023-AVI-0387
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TrendMicro Apex One et Apex Central. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One version 2019 sans le correctif de sécurité SP1 Critical Patch B120 | ||
| Trend Micro | Apex One | Apex Central version 2019 sans le correctif de sécurité Patch 4 (B6394) | ||
| Trend Micro | Apex One | Apex One as a Service versions antérieures à la maintenance d'avril 2023 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One version 2019 sans le correctif de s\u00e9curit\u00e9 SP1 Critical Patch B120",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex Central version 2019 sans le correctif de s\u00e9curit\u00e9 Patch 4 (B6394)",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Apex One as a Service versions ant\u00e9rieures \u00e0 la maintenance d\u0027avril 2023",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32537"
},
{
"name": "CVE-2023-32553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32553"
},
{
"name": "CVE-2023-32557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32557"
},
{
"name": "CVE-2023-32535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32535"
},
{
"name": "CVE-2023-32536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32536"
},
{
"name": "CVE-2023-32554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32554"
},
{
"name": "CVE-2023-32556",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32556"
},
{
"name": "CVE-2023-30902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30902"
},
{
"name": "CVE-2023-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32529"
},
{
"name": "CVE-2023-32555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32555"
},
{
"name": "CVE-2023-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32605"
},
{
"name": "CVE-2023-32552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32552"
},
{
"name": "CVE-2023-32531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32531"
},
{
"name": "CVE-2023-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32530"
},
{
"name": "CVE-2023-32604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32604"
}
],
"initial_release_date": "2023-05-17T00:00:00",
"last_revision_date": "2023-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TrendMicro Apex One\net Apex Central. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TrendMicro Apex One et Apex Central",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293107 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293107?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TrendMicro 000293108 du 16 mai 2023",
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
]
}
fkie_cve-2023-30902
Vulnerability from fkie_nvd
Published
2023-06-26 22:15
Modified
2024-12-05 15:15
Severity ?
Summary
A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | apex_one | * | |
| trendmicro | apex_one | 2019 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*",
"matchCriteriaId": "2BEB6165-97A6-4EE9-B7D8-66D62469AE79",
"versionEndExcluding": "14.0.12105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations."
}
],
"id": "CVE-2023-30902",
"lastModified": "2024-12-05T15:15:06.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-26T22:15:09.793",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000293108?language=en_US"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…