Lucene search

TrendmicroCVE-2023-41176

HistoryJan 23, 2024 - 9:15 p.m.

CVE-2023-41176

2024-01-2321:15:08

CWE-79

trendmicro

web.nvd.nist.gov

cve-2023-41176

cross-site scripting

xss

trend micro mobile security

enterprise

authenticated victim

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.8%

JSON

Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker.

Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177.

Affected configurations

Nvd

Node

trendmicromobile_securityMatch9.8enterprise

VendorProductVersionCPE
trendmicromobile_security9.8cpe:2.3:a:trendmicro:mobile_security:9.8:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
trendmicro	mobile_security	9.8	cpe:2.3:a:trendmicro:mobile_security:9.8::::enterprise:::

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Mobile Security for Enterprise",
    "versions": [
      {
        "version": "9.8 SP5",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "9.8.3311"
      }
    ]
  }
]

References

success.trendmicro.com/dcx/s/solution/000294695?language=en_US

www.zerodayinitiative.com/advisories/ZDI-24-078/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.8%

JSON

Related for CVE-2023-41176