CVE-2023-52324

EPSS 3.86%
Published 23.01.2024 21:15:09
Last modified 30.05.2025 15:15:27
Source security@trendmicro.com
Teams watchlist Login
Open Login

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations.

Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Apex Central Version2019 Update- SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.86%	0.878

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-077/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2023-52324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52324

EUVD