all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities

Add to bookmarks
May 1, 2023, 8:41 p.m. | Nick Miles

Tenable Research Advisories www.tenable.com

Trend Micro Mobile Security for Enterprise Multiple Vulnerabilities
There are multiple vulnerabilities in Trend Micro Mobile Security for Enterprise 9.8 SP5 Critical Patch 3.

CVE-2023-32521 - Unauthenticated Path Traversal File Deletion


(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)


A path traversal exists in web_service.dll which can allow an unauthenticated remote attacker to delete arbitrary files.

web_service.dll checks if the file is a temp file before deletion. However, the check can be bypassed with path traversal (i.e., C:\Program Files (x86)\Trend Micro\Mobile Security\cgi\TEMP\aaa\..\..\..\..\..\..\..\..\..\).

The deletion is performed under …

critical critical patch cve cvss delete deletion dll enterprise file files micro mobile mobile security patch path path traversal security trend trend micro vulnerabilities

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 6 days, 7 hours ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 6 days, 7 hours ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 1 day ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 2 weeks, 6 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 4 weeks ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 2 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 1 month, 4 weeks ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 1 week ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Physical Security Operations Center - Supervisor

@ Equifax | USA-GA-Alpharetta-JVW3
View on infosec-jobs.com

Network Cybersecurity Engineer - Overland Park, KS Hybrid

@ Black & Veatch | Overland Park, KS, US
View on infosec-jobs.com

Cloud Security Engineer

@ Point72 | United States
View on infosec-jobs.com

Technical Program Manager, Security and Compliance, Cloud Compute

@ Google | New York City, USA; Kirkland, WA, USA
View on infosec-jobs.com

EWT Security | Vulnerability Management Analyst - AM

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com
View more jobs