PT-2023-4351 · Trend Micro · Trend Micro Apex Central

Poh Jia Hao · Published 2023-07-26 · Updated 2024-01-29 · CVE-2023-38625

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Trend Micro Apex Central versions prior to build 6481
Trend Micro Apex Central 2019 version <= Build 6394

Description

The issue is related to insufficient validation of incoming requests in the modDeepSecurity widget of the monitoring panel of Trend Micro Apex Central. This could allow a remote attacker to perform a Server-Side Request Forgery (SSRF) attack, enabling direct interaction with internal or local services. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations

For Trend Micro Apex Central 2019 versions prior to build 6481, update to a version with build 6481 or later to resolve the issue. For Trend Micro Apex Central 2019 version <= Build 6394, update to a version with a build higher than 6394 to mitigate the risk. As a temporary workaround, consider restricting access to the modDeepSecurity widget until a patch is available.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-04695
CVE-2023-38625
ZDI-23-999

Affected Products

Trend Micro Apex Central