JVNDB-2023-002100

Security updates for multiple Trend Micro products for enterprises (June 2023)

Overview

Trend Micro Incorporated has released security updates for multiple Trend Micro products for enterprises. For more details, refer to the information provided by the developer.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Affected Products


Trend Micro, Inc.
  • Apex Central
  • Apex One
  • Apex One as a Service
  • Trend Micro Mobile Security 9.8 SP5

Impact

Mobile Security (Enterprise) 9.8 SP5
  • Arbitrary file deletion due to unauthenticated path traversal - CVE-2023-32521
  • Arbitrary file deletion due to authenticated path traversal - CVE-2023-32522
  • Unauthorized access due to authentication bypass - CVE-2023-32523, CVE-2023-32524
  • Unrestricted file upload - CVE-2023-32525, CVE-2023-32526
  • Arbitrary command execution due to local file inclusion - CVE-2023-32527, CVE-2023-32528

Apex One 2019 (On-prem), Apex One as a Service
  • Registry key removal due to privilege escalation - CVE-2023-30902
  • Information disclosure due to improper access control - CVE-2023-32552, CVE-2023-32553
  • Privilege escalation due to Time-of-check Time-of-use (TOCTOU) vulnerability - CVE-2023-32554, CVE-2023-32555
  • Information disclosure due to link following vulnerability - CVE-2023-32556
  • Code execution due to path traversal vulnerability - CVE-2023-32557
  • Privilege escalation due to untrusted search path vulnerability - CVE-2023-34144, CVE-2023-34145
  • Privilege escalation due to exposure of dangerous method/function vulnerability - CVE-2023-34146, CVE-2023-34147, CVE-2023-34148

Apex Central 2019 (On-prem)
  • Code execution due to SQL injection - CVE-2023-32529, CVE-2023-32530
  • Code execution due to XSS - CVE-2023-32531, CVE-2023-32532, CVE-2023-32533, CVE-2023-32534, CVE-2023-32535
  • Reflected XSS under authenticated conditions due to user input validation and sanitization issues - CVE-2023-32536, CVE-2023-32537, CVE-2023-32604, CVE-2023-32605

Solution

[Update the Software and Apply Additional Configuration]
Update the software to the latest version according to the information provided by the developer.
The issues in Apex One as a Service are fixed in the April and May 2023 Maintenance.

After the updates, apply the additional configuration as a countermeasure against CVE-2023-32552 and CVE-2023-32553.
For details, refer to the information provided by the developer.

Vendor Information

Trend Micro, Inc.

CVE

  1. CVE-2023-32521
  2. CVE-2023-32522
  3. CVE-2023-32523
  4. CVE-2023-32524
  5. CVE-2023-32525
  6. CVE-2023-32526
  7. CVE-2023-32527
  8. CVE-2023-32528
  9. CVE-2023-30902
  10. CVE-2023-32552
  11. CVE-2023-32553
  12. CVE-2023-32554
  13. CVE-2023-32555
  14. CVE-2023-32556
  15. CVE-2023-32557
  16. CVE-2023-34144
  17. CVE-2023-34145
  18. CVE-2023-34146
  19. CVE-2023-34147
  20. CVE-2023-34148
  21. CVE-2023-32529
  22. CVE-2023-32530
  23. CVE-2023-32531
  24. CVE-2023-32532
  25. CVE-2023-32533
  26. CVE-2023-32534
  27. CVE-2023-32535
  28. CVE-2023-32536
  29. CVE-2023-32537
  30. CVE-2023-32604
  31. CVE-2023-32605

References

  1. JVN : JVNVU#91852506
  2. JVN : JVNVU#93384719

Revision History

  • [2023/06/14]
      Web page was published
  • [2023/07/25]
      References : Content was added