Security Vulnerabilities - CVEs Published In June 2023
An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-26
DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-06-26
A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-26
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
CVSS Score
9.1
EPSS Score
0.711
Published
2023-06-26
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
8.1
EPSS Score
0.012
Published
2023-06-26
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32524.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-26
Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32523.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-06-26
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32526.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-26
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32525.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-06-26
Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This is similar to, but not identical to CVE-2023-32528.
CVSS Score
8.8
EPSS Score
0.034
Published
2023-06-26