Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)

An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro …

Critical Vulnerabilities in Trend Micro Apex One and OfficeScan (CVE-2020-8467,CVE-2020-8468)

Summary: Antivirus maker Trend Micro released patches on Monday to address the two zero-days, along with three other similarly critical issues (although not exploited in the wild, YET). A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote malicious users to execute arbitrary code …

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 Multiple Vulnerabilities

After Trend Micro fixed the vulnerabilities I reported earlier, I started testing this product again to see if I could still find a few more vulnerabilities. Stored Cross Site Scripting (XSS) Vulnerability (CVE-2017-6340): I wanted to check if the reports functionality had any injection vulnerabilities. I created a low-privileged user ‘test2’ with the Reports-Only role who could run just …

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5.x Multiple Vulnerabilities

I recently came across one of Trend Micro’s enterprise security products, ‘InterScan Web Security Virtual Appliance (IWSVA)’. It’s a secure web gateway that combines application control with zero-day exploit detection, advanced anti-malware and ransomware scanning, real-time web reputation, and flexible URL filtering to provide superior Internet threat protection. I downloaded the latest version ‘IWSVA version …