|
[Japanese]
|
JVNDB-2023-003757
|
Trend Micro Mobile Security vulnerable to cross-site scripting
|
|
Trend Micro Incorporated has released a security update for Trend Micro Mobile Security.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 6.1 (Medium) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
|
|
|
Trend Micro, Inc.
- Trend Micro Mobile Security (Enterprise) 9.8
|
|
|
A cross-site scripting attack may be conducted if a user who is logged in to the product's management console accesses a link that contains a malicious script.
For more information, refer to the information provided by the developer.
|
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released a patch below that contains a fix for this vulnerability.
* Mobile Security (Enterprise) 9.8 SP5 CP6 (b3311)
|
|
Trend Micro, Inc.
|
|
- Cross-site Scripting(CWE-79) [NVD Evaluation]
|
|
- CVE-2023-41176
- CVE-2023-41177
- CVE-2023-41178
|
|
- JVN : JVNVU#95732401
- National Vulnerability Database (NVD) : CVE-2023-41176
- National Vulnerability Database (NVD) : CVE-2023-41177
- National Vulnerability Database (NVD) : CVE-2023-41178
|
|
- [2023/09/26]
Web page was published
- [2024/03/13]
CVSS Severity was modified
CWE was modified
References : Contents were added
|
