JVNDB-2023-006199

Multiple security updates for Trend Micro Apex One and Apex One as a Service (November 2023)

Trend Micro Incorporated has released multiple security updates for Trend Micro Apex One and Apex One as a Service.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Trend Micro, Inc.

• Apex One On Premise (2019)
• Apex One as a Service

* Privilege escalation due to a link following vulnerability in the product's security agent - CVE-2023-47192
* Privilege escalation due to origin validation error vulnerabilities in the product's security agent - CVE-2023-47193, CVE-2023-47194, CVE-2023-47195, CVE-2023-47196, CVE-2023-47197, CVE-2023-47198, CVE-2023-47199
* Privilege escalation due to origin validation error vulnerabilities in the product's plug-in manager - CVE-2023-47200, CVE-2023-47201
* Privilege escalation due to a local file inclusion vulnerability in the product's management server - CVE-2023-47202

[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released the patch listed below that contains a fix for these vulnerabilities.

* Trend Micro Apex One On Premise (2019) SP1 CP 12526

The issue is fixed in the September 2023 Monthly Patch (202309) Agent Version: 14.0.12737 for Trend Micro Apex One as a Service.

[Apply the Workaround]
Applying the following workaround may mitigate the impact of these vulnerabilities.

* Restrict access to the product's administration console only from the trusted network

Trend Micro, Inc.

• TrendMicro Solution : SECURITY BULLETIN: November 6, 2023 Bulletin for Apex One

1. No Mapping(CWE-noinfo) [Other]

1. CVE-2023-47192
2. CVE-2023-47193
3. CVE-2023-47194
4. CVE-2023-47195
5. CVE-2023-47196
6. CVE-2023-47197
7. CVE-2023-47198
8. CVE-2023-47199
9. CVE-2023-47200
10. CVE-2023-47201
11. CVE-2023-47202

1. JVN : JVNVU#98040889

• [2023/11/13]
    Web page was published