Vulnerabilities > Trendmicro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-32536 | Cross-site Scripting vulnerability in Trendmicro Apex Central 2019 Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. | 5.4 |
| 2023-06-26 | CVE-2023-32537 | Cross-site Scripting vulnerability in Trendmicro Apex Central 2019 Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. | 5.4 |
| 2023-06-26 | CVE-2023-32552 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553 | 5.3 |
| 2023-06-26 | CVE-2023-32553 | Unspecified vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | 5.3 |
| 2023-06-26 | CVE-2023-32556 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/2019 A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 |
| 2023-06-26 | CVE-2023-32604 | Cross-site Scripting vulnerability in Trendmicro Apex Central 2019 Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. | 5.4 |
| 2023-06-26 | CVE-2023-32605 | Cross-site Scripting vulnerability in Trendmicro Apex Central 2019 Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. | 5.4 |
| 2023-03-22 | CVE-2023-28005 | Unspecified vulnerability in Trendmicro Trend Micro Endpoint Encryption A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. low complexity trendmicro | 6.8 |
| 2023-03-10 | CVE-2023-25147 | Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 6.7 |
| 2022-12-12 | CVE-2022-44647 | Out-of-bounds Read vulnerability in Trendmicro Apex ONE 14.0.10349/2019 An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | 5.5 |