SB2023072643 - Multiple SSRF vulnerabilities in Trend Micro Apex Central
Published: July 26, 2023 Updated: July 27, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-38624)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the modTMSL module. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-38627)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the modTXSO module. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
3) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-38625)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the modDeepSecurity module. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
4) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-38626)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the modVulnerabilityProtect module. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://success.trendmicro.com/dcx/s/solution/000294176?language=en_US
- https://www.zerodayinitiative.com/advisories/ZDI-23-998/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1001/
- https://www.zerodayinitiative.com/advisories/ZDI-23-999/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1000/