PT-2023-4352 · Trend Micro · Trend Micro Apex Central
Izobashi +1 · Published 2023-07-26 · Updated 2024-01-29 · CVE-2023-38627
CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex Central versions prior to build 6481
Description
A server-side request forgery (SSRF) vulnerability could allow an attacker to interact with internal or local services directly. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The vulnerability is related to insufficient validation of incoming requests in the modTXSO widget module of the monitoring and security management tool.
Recommendations
For Trend Micro Apex Central versions prior to build 6481, update to a version with build 6481 or later to resolve the issue. As a temporary workaround, consider restricting access to the modTXSO widget module to minimize the risk of exploitation.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Apex Central