Multiple vulnerabilities in Trend Micro Apex One
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2023-47192 CVE-2023-47202 CVE-2023-47193 CVE-2023-47199 CVE-2023-47200 CVE-2023-47201 CVE-2023-47194 CVE-2023-47195 CVE-2023-47196 CVE-2023-47197 CVE-2023-47198 |
| CWE-ID | CWE-59 CWE-98 CWE-346 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Link following
EUVDB-ID: #VU82873
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47192
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure link following within the Apex One NT RealTime Scan service. A local user can create a symbolic link to a critical file on the system and overwrite it with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1611/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) PHP file inclusion
EUVDB-ID: #VU82875
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47202
CWE-ID:
CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
Exploit availability: No
DescriptionThe vulnerability allows a remote user to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1621/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Origin validation error
EUVDB-ID: #VU82878
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47193
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error. A remote attacker can bypass implemented security restrictions. MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1612/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Origin validation error
EUVDB-ID: #VU82885
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47199
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1620/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Origin validation error
EUVDB-ID: #VU82876
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47200
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1618/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Origin validation error
EUVDB-ID: #VU82877
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47201
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1613/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Origin validation error
EUVDB-ID: #VU82880
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47194
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1614/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Origin validation error
EUVDB-ID: #VU82881
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47195
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1615/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Origin validation error
EUVDB-ID: #VU82882
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47196
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1617/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Origin validation error
EUVDB-ID: #VU82883
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47197
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1616/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Origin validation error
EUVDB-ID: #VU82884
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-47198
CWE-ID:
CWE-346 - Origin Validation Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in plugin manager. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
Vulnerable software versionsApex One: CP B2049 - 2019
CPE2.3- cpe:2.3:a:trend_micro:apex_one:CP B2049:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:CP B10071:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*
https://success.trendmicro.com/dcx/s/solution/000295652?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-23-1619/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
