Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)


Trend Micro Apex Central is vulnerable to multiple server-side request forgeries.
Trend Micro Incorporated has released Patch 5 (build 6481) for Trend Micro Apex Central.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc.
  • Apex Central 2019 prior to Build 6481


Users of the product may interact directly with the internal or local services to which direct access should be restricted, potentially leading to leakage of sensitive information within the system.
For more information, refer to the information provided by the developer.

[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released a patch below that contains a fix for this vulnerability.

* Trend Micro Apex Central 2019 Patch5(b6481)

[Apply the Workaround]
Applying the following workaround may mitigate the impact of these vulnerabilities.

* Permit access to the product only from the trusted network
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2023-38624
  2. CVE-2023-38625
  3. CVE-2023-38626
  4. CVE-2023-38627

  1. JVN : JVNVU#98367862
Revision History

  • [2023/08/10]
      Web page was published