cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2023-52331,https://securityvulnerability.io/vulnerability/CVE-2023-52331,Server-Side Request Forgery Vulnerability in Trend Micro Apex Central,"A post-authenticated server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central, raising concerns about the potential for malicious actors to interact with internal or local services. To exploit this vulnerability, an attacker must possess the capability to execute low-privileged code on the affected system, which may enable them to gain unauthorized access to sensitive internal resources.",Trend Micro,Trend Micro Apex Central,7.1,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2024-01-23T20:42:46.349Z,0 CVE-2023-52330,https://securityvulnerability.io/vulnerability/CVE-2023-52330,,"A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.01583000086247921,false,false,false,false,,false,false,2024-01-23T20:42:34.678Z,0 CVE-2023-52329,https://securityvulnerability.io/vulnerability/CVE-2023-52329,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.01583000086247921,false,false,false,false,,false,false,2024-01-23T20:42:13.269Z,0 CVE-2023-52328,https://securityvulnerability.io/vulnerability/CVE-2023-52328,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.01583000086247921,false,false,false,false,,false,false,2024-01-23T20:42:01.780Z,0 CVE-2023-52327,https://securityvulnerability.io/vulnerability/CVE-2023-52327,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.01583000086247921,false,false,false,false,,false,false,2024-01-23T20:41:50.167Z,0 CVE-2023-52326,https://securityvulnerability.io/vulnerability/CVE-2023-52326,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.01583000086247921,false,false,false,false,,false,false,2024-01-23T20:41:39.424Z,0 CVE-2023-52325,https://securityvulnerability.io/vulnerability/CVE-2023-52325,Local File Inclusion Vulnerability in Trend Micro Apex Central,A local file inclusion vulnerability has been identified in a widget of Trend Micro Apex Central. This vulnerability permits remote attackers to execute arbitrary code on installations of the application. It requires the attacker to have valid credentials to the target system and must be combined with another vulnerability for effective exploitation. Proper security measures and patches should be implemented immediately to mitigate risks associated with this vulnerability.,Trend Micro,Trend Micro Apex Central,7.5,HIGH,0.012600000016391277,false,false,false,false,,false,false,2024-01-23T20:41:25.754Z,0 CVE-2023-52324,https://securityvulnerability.io/vulnerability/CVE-2023-52324,Unrestricted File Upload Vulnerability in Trend Micro Apex Central,"An unrestricted file upload vulnerability exists in Trend Micro Apex Central that enables a remote attacker to create arbitrary files on vulnerable installations. While the presence of valid credentials is necessary for exploitation, this vulnerability poses a significant risk as it can be leveraged to upload malicious files. Furthermore, it may be utilized in conjunction with other vulnerabilities to facilitate the execution of arbitrary code, thus compromising the integrity and security of the affected systems.",Trend Micro,Trend Micro Apex Central,8.8,HIGH,0.005400000140070915,false,false,false,false,,false,false,2024-01-23T20:41:10.369Z,0 CVE-2023-38627,https://securityvulnerability.io/vulnerability/CVE-2023-38627,Server-Side Request Forgery Issue in Trend Micro Apex Central,"A server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central 2019 prior to build 6481, enabling an attacker with low-privileged code execution on the target system to directly interact with internal or local services. This vulnerability poses a significant risk to the confidentiality and integrity of internal network resources. Mitigating this threat requires immediate updates to the affected product versions to prevent unauthorized access and potential exploitation.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2024-01-23T20:34:54.008Z,0 CVE-2023-38626,https://securityvulnerability.io/vulnerability/CVE-2023-38626,Server-Side Request Forgery Vulnerability in Trend Micro Apex Central,"A post-authenticated server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central 2019, versions below build 6481. This vulnerability allows attackers with low-privileged code execution to interact directly with internal or local services, potentially leading to unauthorized access or data exposure. Effective security measures should be implemented to mitigate this risk, as it poses a significant threat to the confidentiality and integrity of the affected systems.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2024-01-23T20:34:41.067Z,0 CVE-2023-38625,https://securityvulnerability.io/vulnerability/CVE-2023-38625,Server-Side Request Forgery Vulnerability in Trend Micro Apex Central,"A post-authenticated server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central 2019, prior to build 6481. This vulnerability can allow a malicious actor, who has already gained low-privileged access to execute code on the server, to interact with internal or local services. The exploitation of this flaw could potentially lead to unauthorized access to sensitive data or internal network resources, posing a significant security threat for organizations relying on the product. It is crucial for users to ensure that their systems are updated to mitigate the risks associated with this vulnerability.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2024-01-23T20:34:25.108Z,0 CVE-2023-38624,https://securityvulnerability.io/vulnerability/CVE-2023-38624,Post-Authenticated SSRF Vulnerability in Trend Micro Apex Central,"A post-authenticated server-side request forgery (SSRF) vulnerability exists in Trend Micro Apex Central 2019, specifically in versions prior to build 6481. This vulnerability enables an attacker, who has previously gained access to execute low-privileged code, to send crafted requests and interact with internal or local services on the affected system. While the attacker requires initial access, the potential for exploiting local resources poses significant concerns for the security of organizational data and services. This flaw, while akin to other related vulnerabilities, warrants immediate attention from system administrators and security teams.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.000910000002477318,false,false,false,false,,false,false,2024-01-23T20:34:05.300Z,0 CVE-2023-32532,https://securityvulnerability.io/vulnerability/CVE-2023-32532,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0042500002309679985,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32605,https://securityvulnerability.io/vulnerability/CVE-2023-32605,,"Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32537,https://securityvulnerability.io/vulnerability/CVE-2023-32537,,"Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32529,https://securityvulnerability.io/vulnerability/CVE-2023-32529,SQL Injection Vulnerabilities in Trend Micro Apex Central,"The on-premise version of Trend Micro Apex Central has multiple vulnerabilities that enable authenticated users to execute SQL injection attacks. This can potentially lead to remote code execution, putting sensitive data and system integrity at risk. To exploit these vulnerabilities, an attacker must first gain authentication on the target system, creating a significant threat for environments deploying affected versions of this security solution. Organizations should assess their systems for exposure to ensure they are safeguarded against these risks.",Trend Micro,Trend Micro Apex Central,8.8,HIGH,0.011020000092685223,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32530,https://securityvulnerability.io/vulnerability/CVE-2023-32530,Trend Micro Apex Central Vulnerabilities Could Lead to Remote Code Execution,"Certain modules in Trend Micro Apex Central (on-premise) are susceptible to SQL injection vulnerabilities, which enable authenticated users to execute arbitrary SQL commands. This could potentially lead to remote code execution on the affected system. It’s essential for users to ensure proper authentication measures are in place to mitigate the risks associated with these vulnerabilities.",Trend Micro,Trend Micro Apex Central,8.8,HIGH,0.011020000092685223,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32531,https://securityvulnerability.io/vulnerability/CVE-2023-32531,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0042500002309679985,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32533,https://securityvulnerability.io/vulnerability/CVE-2023-32533,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0042500002309679985,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32534,https://securityvulnerability.io/vulnerability/CVE-2023-32534,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0042500002309679985,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32535,https://securityvulnerability.io/vulnerability/CVE-2023-32535,,"Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534.",Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0042500002309679985,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32536,https://securityvulnerability.io/vulnerability/CVE-2023-32536,,"Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2023-32604,https://securityvulnerability.io/vulnerability/CVE-2023-32604,,"Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605.",Trend Micro,Trend Micro Apex Central,5.4,MEDIUM,0.00046999999904073775,false,false,false,false,,false,false,2023-06-26T22:15:00.000Z,0 CVE-2022-26871,https://securityvulnerability.io/vulnerability/CVE-2022-26871,,An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.,Trend Micro,Trend Micro Apex Central,9.8,CRITICAL,0.6937000155448914,true,false,false,true,,false,false,2022-03-29T20:45:20.000Z,0 CVE-2019-19692,https://securityvulnerability.io/vulnerability/CVE-2019-19692,,Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.,Trend Micro,Trend Micro Apex Central,6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2019-12-20T04:05:22.000Z,0