Vulnerabilities > CVE-2023-52331 - Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Apex Central 2019

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

trendmicro

CWE-918

NVD

Published: 2024-01-23

Updated: 2024-01-30

Summary

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Apex Central 2019	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-052/