CVE-2023-52330 - Vulnerability Details - OpenCVE

A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendmicro	Apex One

Configuration 1 [-]

OR	cpe:2.3:a:trendmicro:apex_one:::::saas:::*
	cpe:2.3:a:trendmicro:apex_one:2019:-::::::

No data.

References

Link	Providers
https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-051/

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-01-23T20:42:34.678Z

Updated: 2024-08-02T22:55:41.318Z

Reserved: 2024-01-11T03:45:00.948Z

Link: CVE-2023-52330

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-23T21:15:09.593

Modified: 2024-11-21T08:39:34.823

Link: CVE-2023-52330

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*", "matchCriteriaId": "A9E837BF-EABA-4A51-83D8-831044DA1AEA", "versionEndExcluding": "14.0.12849", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*", "matchCriteriaId": "219071B9-2D31-4E7F-A0AD-769FE0243B35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central.\r\n\r\nPlease note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting en Trend Micro Apex Central podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en las instalaciones afectadas de Trend Micro Apex Central. Tenga en cuenta: se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso."}], "id": "CVE-2023-52330", "lastModified": "2024-11-21T08:39:34.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-23T21:15:09.593", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-051/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://success.trendmicro.com/dcx/s/solution/000296153?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-051/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}