Action not permitted
Modal body text goes here.
Modal Title
Modal Body
jvndb-2023-006199
Vulnerability from jvndb
Published
2023-11-13 17:28
Modified
2024-03-13 17:28
Severity ?
Summary
Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)
Details
Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Apex One |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006199.html", "dc:date": "2024-03-13T17:28+09:00", "dcterms:issued": "2023-11-13T17:28+09:00", "dcterms:modified": "2024-03-13T17:28+09:00", description: "Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.", link: "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006199.html", "sec:cpe": { "#text": "cpe:/a:trendmicro:apex_one", "@product": "Apex One", "@vendor": "Trend Micro, Inc.", "@version": "2.2", }, "sec:cvss": { "@score": "7.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0", }, "sec:identifier": "JVNDB-2023-006199", "sec:references": [ { "#text": "http://jvn.jp/en/vu/JVNVU98040889/index.html", "@id": "JVNVU#98040889", "@source": "JVN", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47192", "@id": "CVE-2023-47192", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47193", "@id": "CVE-2023-47193", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47194", "@id": "CVE-2023-47194", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47195", "@id": "CVE-2023-47195", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47196", "@id": "CVE-2023-47196", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47197", "@id": "CVE-2023-47197", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47198", "@id": "CVE-2023-47198", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47199", "@id": "CVE-2023-47199", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47200", "@id": "CVE-2023-47200", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47201", "@id": "CVE-2023-47201", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-47202", "@id": "CVE-2023-47202", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47192", "@id": "CVE-2023-47192", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47193", "@id": "CVE-2023-47193", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47194", "@id": "CVE-2023-47194", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47195", "@id": "CVE-2023-47195", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47196", "@id": "CVE-2023-47196", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47197", "@id": "CVE-2023-47197", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47198", "@id": "CVE-2023-47198", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47199", "@id": "CVE-2023-47199", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47200", "@id": "CVE-2023-47200", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47201", "@id": "CVE-2023-47201", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-47202", "@id": "CVE-2023-47202", "@source": "NVD", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)", }, ], title: "Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)", }
cve-2023-47195
Vulnerability from cvelistv5
Published
2024-01-23 20:37
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47196.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1615/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47196.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:37:17.620Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1615/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47195", datePublished: "2024-01-23T20:37:17.620Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-08-02T21:01:22.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47202
Vulnerability from cvelistv5
Published
2024-01-23 20:38
Modified
2024-11-13 15:28
Severity ?
EPSS score ?
Summary
A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.800Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1621/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47202", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:27:39.163657Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:28:15.513Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:38:51.693Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1621/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47202", datePublished: "2024-01-23T20:38:51.693Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-11-13T15:28:15.513Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47196
Vulnerability from cvelistv5
Published
2024-01-23 20:37
Modified
2024-09-12 18:31
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47197.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.828Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1617/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47196", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T14:01:20.722876Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-12T18:31:45.987Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47197.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:37:29.810Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1617/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47196", datePublished: "2024-01-23T20:37:29.810Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-09-12T18:31:45.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47199
Vulnerability from cvelistv5
Published
2024-01-23 20:38
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47193.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.801Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1620/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47193.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:38:09.676Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1620/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47199", datePublished: "2024-01-23T20:38:09.676Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-08-02T21:01:22.801Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47194
Vulnerability from cvelistv5
Published
2024-01-23 20:37
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47195.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1614/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47195.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:37:06.848Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1614/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47194", datePublished: "2024-01-23T20:37:06.848Z", dateReserved: "2023-10-31T19:20:53.843Z", dateUpdated: "2024-08-02T21:01:22.868Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47198
Vulnerability from cvelistv5
Published
2024-01-23 20:37
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47199.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.972Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1619/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47199.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:37:56.639Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1619/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47198", datePublished: "2024-01-23T20:37:56.639Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-08-02T21:01:22.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47201
Vulnerability from cvelistv5
Published
2024-01-23 20:38
Modified
2024-08-29 19:55
Severity ?
EPSS score ?
Summary
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47200.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1613/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "apex_one", vendor: "trendmicro", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*", ], defaultStatus: "affected", product: "apex_one", vendor: "trendmicro", versions: [ { lessThan: "14.0.12737", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-47201", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T13:57:18.242758Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-29T19:55:32.397Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47200.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:38:38.453Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1613/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47201", datePublished: "2024-01-23T20:38:38.453Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-08-29T19:55:32.397Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47197
Vulnerability from cvelistv5
Published
2024-01-23 20:37
Modified
2024-10-18 15:59
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47198.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1616/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47197", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-24T15:29:05.845318Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T15:59:13.695Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47198.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:37:43.898Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1616/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47197", datePublished: "2024-01-23T20:37:43.898Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-10-18T15:59:13.695Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47192
Vulnerability from cvelistv5
Published
2024-01-23 20:36
Modified
2024-11-13 15:47
Severity ?
EPSS score ?
Summary
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.811Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1611/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47192", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:46:14.411691Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:47:07.838Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:36:34.790Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1611/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47192", datePublished: "2024-01-23T20:36:34.790Z", dateReserved: "2023-10-31T19:20:53.843Z", dateUpdated: "2024-11-13T15:47:07.838Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47193
Vulnerability from cvelistv5
Published
2024-01-23 20:36
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47194.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1612/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47194.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:36:54.947Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1612/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47193", datePublished: "2024-01-23T20:36:54.947Z", dateReserved: "2023-10-31T19:20:53.843Z", dateUpdated: "2024-08-02T21:01:22.826Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47200
Vulnerability from cvelistv5
Published
2024-01-23 20:38
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2023-47201.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Apex One |
Version: 2019 (14.0) ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { tags: [ "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1618/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Trend Micro Apex One", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.0.12526", status: "affected", version: "2019 (14.0)", versionType: "semver", }, ], }, { product: "Trend Micro Apex One as a Service", vendor: "Trend Micro, Inc.", versions: [ { lessThan: "14.0.12737", status: "affected", version: "SaaS\t", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\r\n\r\nThis vulnerability is similar to, but not identical to, CVE-2023-47201.", }, ], providerMetadata: { dateUpdated: "2024-01-23T20:38:25.058Z", orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", shortName: "trendmicro", }, references: [ { url: "https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US", }, { url: "https://www.zerodayinitiative.com/advisories/ZDI-23-1618/", }, ], }, }, cveMetadata: { assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272", assignerShortName: "trendmicro", cveId: "CVE-2023-47200", datePublished: "2024-01-23T20:38:25.058Z", dateReserved: "2023-10-31T19:20:53.844Z", dateUpdated: "2024-08-02T21:01:22.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.