PT-2022-6617 · Trend Micro · Trend Micro Apex Central

Poh Jia Hao · Published 2022-07-26 · Updated 2025-12-22 · CVE-2023-32530

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro Apex Central versions 2019 through Build 6016

Description

The issue is related to incorrect handling of the dbCert parameter in the set certificates config request to the modTMMS endpoint. This can allow a remote attacker to execute arbitrary code. Exploitation requires the attacker to first authenticate to the target system. The vulnerability can lead to remote code execution through a SQL injection.

Recommendations

For Trend Micro Apex Central version 2019 through Build 6016, update to a version later than Build 6016 to resolve the issue. As a temporary workaround, consider restricting access to the modTMMS endpoint until a patch is available. Avoid using the dbCert parameter in the affected API endpoint until the issue is resolved.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-02866
CVE-2023-32530
ZDI-23-654

Affected Products

Trend Micro Apex Central