Vulnerabilities > CVE-2023-38627 - Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Apex Central 2019

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

trendmicro

CWE-918

NVD

Published: 2024-01-23

Updated: 2024-01-29

Summary

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Apex Central 2019	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1001/