CVE-2023-32557: Path Traversal
First published: Mon Jun 26 2023(Updated: )
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Apex One | <14.0.12105 | |
| Trend Micro Apex One | =2019 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-32557?
CVE-2023-32557 is a path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service.
How can an unauthenticated attacker exploit CVE-2023-32557?
An unauthenticated attacker can exploit CVE-2023-32557 by uploading an arbitrary file to the Management Server, which could lead to remote code execution with system privileges.
Which versions of Trend Micro Apex One are affected by CVE-2023-32557?
Trend Micro Apex One versions up to 14.0.12105 and 2019 are affected by CVE-2023-32557.
What is the severity rating of CVE-2023-32557?
CVE-2023-32557 has a severity rating of 9.8 (critical).
How can I fix CVE-2023-32557?
To fix CVE-2023-32557, update Trend Micro Apex One to a version that is not vulnerable or apply the necessary patches provided by Trend Micro.
- agent/type
- agent/severity
- agent/remedy
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro apex one
- version/trend micro apex one/2019
- vendor/microsoft
- canonical/microsoft windows operating system