6.5

CVE-2023-32526

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.  

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is similar to, but not identical to CVE-2023-32525.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroMobile Security Version9.8 Updatesp5 SwEditionenterprise SwPlatformwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.04% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-586/
Third Party Advisory
VDB Entry