Vulnerabilities > Trendmicro > Mobile Security

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-41176 Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177.
network
low complexity
trendmicro CWE-79
6.1
2024-01-23 CVE-2023-41177 Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178.
network
low complexity
trendmicro CWE-79
6.1
2024-01-23 CVE-2023-41178 Cross-site Scripting vulnerability in Trendmicro Mobile Security 9.8
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176.
network
low complexity
trendmicro CWE-79
6.1
2023-06-26 CVE-2023-32521 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
network
low complexity
trendmicro CWE-22
critical
9.1
2023-06-26 CVE-2023-32522 Path Traversal vulnerability in Trendmicro Mobile Security 9.8
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
network
low complexity
trendmicro CWE-22
8.1
2023-06-26 CVE-2023-32523 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32524 Improper Authentication vulnerability in Trendmicro Mobile Security 9.8
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523.
network
low complexity
trendmicro CWE-287
8.8
2023-06-26 CVE-2023-32525 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
network
low complexity
trendmicro
6.5
2023-06-26 CVE-2023-32526 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
network
low complexity
trendmicro
6.5
2023-06-26 CVE-2023-32527 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
network
low complexity
trendmicro
8.8