Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities | allinfosecnews.com

May 1, 2023, 8:41 p.m. | Nick Miles

Tenable Research Advisories www.tenable.com

Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities

There are multiple vulnerabilities in Trend Micro Mobile Security for Enterprise 9.8 SP5 Critical Patch 3.

CVE-2023-32521 - Unauthenticated Path Traversal File Deletion

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

A path traversal exists in web_service.dll which can allow an unauthenticated remote attacker to delete arbitrary files.

web_service.dll checks if the file is a temp file before deletion. However, the check can be bypassed with path traversal (i.e., C:\Program Files (x86)\Trend Micro\Mobile Security\cgi\TEMP\aaa\..\..\..\..\..\..\..\..\..\).

The deletion is performed under …

critical critical patch cve cvss delete deletion dll enterprise file files micro mobile mobile security patch path path traversal security trend trend micro vulnerabilities

More from www.tenable.com / Tenable Research Advisories

Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 3 days, 9 hours ago | www.tenable.com

adobe adobe framemaker api api authentication +13

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 8 hours ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 8 hours ago | www.tenable.com

cloud cloud functions cloud platform escalation +9

Microsoft Azure Firewall Bypass Vulnerability 6 days, 11 hours ago | www.tenable.com

azure bypass bypass vulnerability firewall +4

Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 1 week ago | www.tenable.com

arbitrary code attackers cloud cloud platform +19

Fluent Bit Memory Corruption Vulnerability 3 weeks, 2 days ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 3 weeks, 5 days ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 3 weeks, 5 days ago | www.tenable.com

cross-site inject javascript malicious +8

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 1 month ago | www.tenable.com

access account action admin +42

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com