Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities
Tenable Research Advisories www.tenable.com
CVE-2023-32521 - Unauthenticated Path Traversal File Deletion
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
A path traversal exists in web_service.dll which can allow an unauthenticated remote attacker to delete arbitrary files.
web_service.dll checks if the file is a temp file before deletion. However, the check can be bypassed with path traversal (i.e., C:\Program Files (x86)\Trend Micro\Mobile Security\cgi\TEMP\aaa\..\..\..\..\..\..\..\..\..\).
The deletion is performed under …
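The following is an added example, not code from the advisory or from Trend Micro. It contrasts a temp-file check of the kind that this path would bypass with one that canonicalises the path before testing containment. The function names and the prefix-match form of the weak check are assumptions; only the directory and the traversal path come from the advisory.

```python
import ntpath
from typing import List, Optional

# Temp directory as it appears in the path quoted in the advisory.
TEMP_DIR = r"C:\Program Files (x86)\Trend Micro\Mobile Security\cgi\TEMP"
# The traversal path from the advisory, rebuilt verbatim (nine ".." segments).
ADVISORY_PATH = TEMP_DIR + "\\aaa" + "\\.." * 9 + "\\"


def is_temp_file_naive(path: str) -> bool:
    """Assumed weak check: raw string prefix match, no normalisation."""
    return path.lower().startswith(TEMP_DIR.lower() + "\\")


def resolve_temp_target(path: str) -> Optional[str]:
    """Hardened check: canonicalise first, then test containment.

    Returns the normalised path if it names something strictly inside
    TEMP_DIR, otherwise None (the caller must refuse to delete).
    """
    if "\x00" in path:
        return None
    # normpath collapses "." and ".." and turns "/" into "\".
    candidate = ntpath.normpath(path)
    base = ntpath.normcase(ntpath.normpath(TEMP_DIR))
    # Trailing separator stops sibling names such as "TEMP_backup" matching,
    # and excludes TEMP_DIR itself.
    if ntpath.normcase(candidate).startswith(base + "\\"):
        return candidate
    return None


def bypasses(paths: List[str]) -> List[str]:
    """Paths the naive check accepts but the hardened check rejects."""
    return [p for p in paths
            if is_temp_file_naive(p) and resolve_temp_target(p) is None]


if __name__ == "__main__":
    samples = [  # constructed inputs, except ADVISORY_PATH
        TEMP_DIR + r"\upload_0001.tmp",
        TEMP_DIR + r"\aaa\..\upload_0002.tmp",
        TEMP_DIR + "/aaa/../../other.txt",
        ADVISORY_PATH,
    ]
    for p in samples:
        print(is_temp_file_naive(p), resolve_temp_target(p), p)
    print("flag for review:", bypasses(samples))
```

ntpath.normpath is purely lexical, so on a real Windows host junctions and symlinks should also be resolved (for example with os.path.realpath) before the containment test.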