PT-2023-4354 · Trend Micro · Trend Micro Apex Central
Poh Jia Hao · Published 2023-07-26 · Updated 2024-01-29 · CVE-2023-38624
CVSS v2.0: 8.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex Central version 2019 (<= Build 6394)
Description
The issue is related to insufficient validation of incoming requests in the modTMSL widget monitoring panel module of Trend Micro Apex Central, a security monitoring and management tool. This can be exploited by a remote attacker to perform a Server-Side Request Forgery (SSRF) attack.
Recommendations
For Trend Micro Apex Central version 2019 (<= Build 6394), update to a version higher than Build 6394 to resolve the issue. As a temporary workaround, consider restricting access to the modTMSL widget monitoring panel module to minimize the risk of exploitation.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Apex Central