JVNDB-2023-002796
|
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
|
Trend Micro Apex Central is vulnerable to multiple server-side request forgeries.
Trend Micro Incorporated has released Patch 5 (build 6481) for Trend Micro Apex Central.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
|
CVSS V3 Severity: Base Metrics 5.4 (Medium) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
|
|
Trend Micro, Inc.
- Apex Central 2019 prior to Build 6481
|
|
Users of the product may interact directly with the internal or local services to which direct access should be restricted, potentially leading to leakage of sensitive information within the system.
For more information, refer to the information provided by the developer.
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released the patch below, which contains a fix for this vulnerability.
* Trend Micro Apex Central 2019 Patch 5 (b6481)
[Apply the Workaround]
Applying the following workaround may mitigate the impact of these vulnerabilities.
* Permit access to the product only from the trusted network
|
Trend Micro, Inc.
|
- Server-Side Request Forgery (SSRF) (CWE-918) [NVD Evaluation]
|
- CVE-2023-38624
- CVE-2023-38625
- CVE-2023-38626
- CVE-2023-38627
|
- JVN : JVNVU#98367862
- National Vulnerability Database (NVD) : CVE-2023-38624
- National Vulnerability Database (NVD) : CVE-2023-38625
- National Vulnerability Database (NVD) : CVE-2023-38626
- National Vulnerability Database (NVD) : CVE-2023-38627
|
- [2023/08/10]
Web page was published
- [2024/03/13]
CVSS Severity was modified
CWE was modified
References : Contents were added
|