PT-2023-4353 · Trend Micro · Trend Micro Apex Central

Poh Jia Hao · Published 2023-07-26 · Updated 2024-01-29 · CVE-2023-38626

CVSS v2.0: 8.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Trend Micro Apex Central versions prior to build 6481

Description

A server-side request forgery (SSRF) vulnerability could allow an attacker to interact with internal or local services directly. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. The vulnerability is related to insufficient validation of incoming requests, which can be exploited by a remote attacker to perform an SSRF attack.

Recommendations

For versions prior to build 6481, update to a version with build 6481 or later to resolve the issue. As a temporary workaround, consider restricting access to internal or local services to minimize the risk of exploitation.

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2023-04697
CVE-2023-38626
ZDI-23-1000

Affected Products

Trend Micro Apex Central