PT-2022-6616 · Trend Micro · Trend Micro Apex One As A Service+1

Elias Martinez

Published

2022-09-30

Updated

2024-12-04

CVE-2023-32553

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified)

Description The issue is related to improper access control in the web console of Trend Micro Apex One and Apex One as a Service, which could allow an unauthenticated user to disclose sensitive information on agents under certain circumstances. This vulnerability may enable a remote attacker to gain unauthorized access to protected information.

Recommendations For Trend Micro Apex One, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-346

Related Identifiers

BDU:2023-02865

CVE-2023-32553

ZDI-23-653

Affected Products

Trend Micro Apex One

Trend Micro Apex One As A Service

PT-2022-6616 · Trend Micro · Trend Micro Apex One As A Service+1

CVE-2023-32553

Weakness Enumeration

Related Identifiers

Affected Products

References · 12