CVE-2023-32553

2023-06-2622:15:10

trendmicro

web.nvd.nist.gov

cve-2023-32553

improper access control

trend micro

apex one

apex one as a service

vulnerability disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

49.7%

JSON

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents.

This is similar to, but not identical to CVE-2023-32552.

Affected configurations

Nvd

Node

trendmicroapex_oneRange<14.0.12105saas

trendmicroapex_oneMatch2019

AND

microsoftwindowsMatch-

VendorProductVersionCPE
trendmicroapex_one*cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*
trendmicroapex_one2019cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	apex_one	*	cpe:2.3:a:trendmicro:apex_one:::::saas:::*
trendmicro	apex_one	2019	cpe:2.3:a:trendmicro:apex_one:2019:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "2019",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "14.0.0.12024"
      }
    ]
  }
]