ZDI-23-589: Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability
First published: Fri May 12 2023(Updated: )
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Mobile Security for Enterprises |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is ZDI-23-589.
What is the severity level of ZDI-23-589?
The severity level of ZDI-23-589 is medium with a severity value of 6.5.
What software is affected by ZDI-23-589?
ZDI-23-589 affects Trend Micro Mobile Security for Enterprises.
How can this vulnerability be exploited?
Remote attackers can exploit this vulnerability by creating arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises, bypassing the existing authentication mechanism.
Is there any fix or solution available for ZDI-23-589?
Yes, there is a solution available for ZDI-23-589. It is recommended to refer to the Trend Micro solution (https://success.trendmicro.com/solution/000293106) for the fix or mitigation steps.
- collector/zdi-published
- alias/ZDI-CAN-20179
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/severity
- agent/tags
- agent/title
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-589
- alias/CVE-2023-32525
- agent/software-canonical-lookup
- vendor/trend micro
- canonical/trend micro mobile security for enterprises