CVE-2023-41179

HIGH KEV

Trend Micro Apex One - Command Injection

Title source: llm

Description

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

References (4)

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU90967486/

[Broken Link] https://success.trendmicro.com/jp/solution/000294706

[Broken Link] https://success.trendmicro.com/solution/000294994

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179

Scores

CVSS v3 7.2

EPSS 0.0223

EPSS Percentile 84.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-09-21

VulnCheck KEV 2023-09-19

InTheWild.io 2023-09-21

ENISA EUVD EUVD-2023-45696

CWE

CWE-94

Status published

Products (3)

trendmicro/apex_one 2019 (2 CPE variants)

trendmicro/worry-free_business_security 10.0 sp1

trendmicro/worry-free_business_security_services

Published Sep 19, 2023

KEV Added Sep 21, 2023

Tracked Since Feb 18, 2026