VYPR

Apex Central

by Trend Micro

CVEs (35)

  • CVE-2022-26871CriKEVMar 29, 2022
    risk 0.77cvss 9.8epss 0.20

    An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

  • CVE-2025-49220CriJun 17, 2025
    risk 0.64cvss 9.8epss 0.02

    An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different method.

  • CVE-2025-49219CriJun 17, 2025
    risk 0.64cvss 9.8epss 0.01

    An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

  • CVE-2023-52324HigJan 23, 2024
    risk 0.58cvss 8.8epss 0.04

    An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when…

  • CVE-2023-32530HigJun 26, 2023
    risk 0.57cvss 8.8epss 0.02

    Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in…

  • CVE-2023-32529HigJun 26, 2023
    risk 0.57cvss 8.8epss 0.02

    Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in…

  • CVE-2025-47867HigJun 17, 2025
    risk 0.49cvss 7.5epss 0.02

    A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.

  • CVE-2025-47865HigJun 17, 2025
    risk 0.49cvss 7.5epss 0.02

    A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.

  • CVE-2023-52325HigJan 23, 2024
    risk 0.49cvss 7.5epss 0.05

    A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In…

  • CVE-2025-30680HigJun 17, 2025
    risk 0.46cvss 7.1epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex…

  • CVE-2023-52331HigJan 23, 2024
    risk 0.46cvss 7.1epss 0.01

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-30679MedJun 17, 2025
    risk 0.42cvss 6.5epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

  • CVE-2025-30678MedJun 17, 2025
    risk 0.42cvss 6.5epss 0.00

    A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

  • CVE-2023-52330MedJan 23, 2024
    risk 0.40cvss 6.1epss 0.02

    A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must…

  • CVE-2023-52329MedJan 23, 2024
    risk 0.40cvss 6.1epss 0.01

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to…

  • CVE-2023-52328MedJan 23, 2024
    risk 0.40cvss 6.1epss 0.02

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to…

  • CVE-2023-52327MedJan 23, 2024
    risk 0.40cvss 6.1epss 0.02

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to…

  • CVE-2023-52326MedJan 23, 2024
    risk 0.40cvss 6.1epss 0.02

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to…

  • CVE-2023-32535MedJun 26, 2023
    risk 0.40cvss 6.1epss 0.02

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534.

  • CVE-2023-32534MedJun 26, 2023
    risk 0.40cvss 6.1epss 0.01

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535.

Page 1 of 2