Vulnerabilities > Trendmicro > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-32527 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528.
network
low complexity
trendmicro
8.8
2023-06-26 CVE-2023-32528 Unspecified vulnerability in Trendmicro Mobile Security 9.8
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527.
network
low complexity
trendmicro
8.8
2023-06-26 CVE-2023-32529 SQL Injection vulnerability in Trendmicro Apex Central 2019
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530.
network
low complexity
trendmicro CWE-89
8.8
2023-06-26 CVE-2023-32530 SQL Injection vulnerability in Trendmicro Apex Central 2019
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529.
network
low complexity
trendmicro CWE-89
8.8
2023-06-26 CVE-2023-32554 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555.
local
high complexity
trendmicro CWE-367
7.0
2023-06-26 CVE-2023-32555 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Apex ONE 14.0.10349/2019
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554.
local
high complexity
trendmicro CWE-367
7.0
2023-06-26 CVE-2023-34144 Untrusted Search Path vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145.
local
low complexity
trendmicro CWE-426
7.8
2023-06-26 CVE-2023-34145 Untrusted Search Path vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144.
local
low complexity
trendmicro CWE-426
7.8
2023-06-26 CVE-2023-34146 Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.
local
low complexity
trendmicro CWE-269
7.8
2023-06-26 CVE-2023-34147 Improper Privilege Management vulnerability in Trendmicro Apex ONE 14.0.10349/2019
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148.
local
low complexity
trendmicro CWE-269
7.8