TrendMicro Apex Central
By the Year
In 2024 there have been 11 vulnerabilities in TrendMicro Apex Central with an average score of 6.3 out of ten. Last year Apex Central had 11 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Apex Central in 2024 could surpass last years number. Last year, the average CVE base score was greater by 0.03
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 11 | 6.31 |
| 2023 | 11 | 6.34 |
| 2022 | 1 | 9.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Apex Central vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent TrendMicro Apex Central Security Vulnerabilities
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could
CVE-2023-52331
7.1 - High
- January 23, 2024
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
XSPA
An unrestricted file upload vulnerability in Trend Micro Apex Central could
CVE-2023-52324
8.8 - High
- January 23, 2024
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code.
Unrestricted File Upload
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could
CVE-2023-52325
7.5 - High
- January 23, 2024
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker must first obtain a valid set of credentials on target system in order to exploit this vulnerability.
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could
CVE-2023-38624
5.4 - Medium
- January 23, 2024
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625 through CVE-2023-38627.
XSPA
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could
CVE-2023-38625
5.4 - Medium
- January 23, 2024
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38624.
XSPA
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could
CVE-2023-38626
5.4 - Medium
- January 23, 2024
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38625.
XSPA
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could
CVE-2023-38627
5.4 - Medium
- January 23, 2024
A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-38626.
XSPA
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-52326
6.1 - Medium
- January 23, 2024
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-52327
6.1 - Medium
- January 23, 2024
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52328.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-52328
6.1 - Medium
- January 23, 2024
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52329.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-52329
6.1 - Medium
- January 23, 2024
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326.
XSS
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection
CVE-2023-32529
8.8 - High
- June 26, 2023
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530.
SQL Injection
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues
CVE-2023-32604
5.4 - Medium
- June 26, 2023
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605.
XSS
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues
CVE-2023-32605
5.4 - Medium
- June 26, 2023
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604.
XSS
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection
CVE-2023-32530
8.8 - High
- June 26, 2023
Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529.
SQL Injection
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-32531
6.1 - Medium
- June 26, 2023
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-32532
6.1 - Medium
- June 26, 2023
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-32533
6.1 - Medium
- June 26, 2023
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-32534
6.1 - Medium
- June 26, 2023
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.
XSS
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks
CVE-2023-32535
6.1 - Medium
- June 26, 2023
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534.
XSS
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues
CVE-2023-32536
5.4 - Medium
- June 26, 2023
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537.
XSS
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues
CVE-2023-32537
5.4 - Medium
- June 26, 2023
Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536.
XSS
An arbitrary file upload vulnerability in Trend Micro Apex Central could
CVE-2022-26871
9.8 - Critical
- March 29, 2022
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Insufficient Verification of Data Authenticity
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for TrendMicro Apex One or by TrendMicro? Click the Watch button to subscribe.
