CVE-2023-38625

EPSS 0.15%
Published 23.01.2024 21:15:08
Last modified 20.06.2025 19:15:21
Source security@trendmicro.com
Teams watchlist Login
Open Login

A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is a similar, but not identical vulnerability as CVE-2023-38624.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Apex Central Version2019 Update- SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.36

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-999/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2023-38625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38625

EUVD