CVE-2023-41179

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.

Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
trendmicroworry-free_business_security
10.0:sp1
trendmicroworry-free_business_security_services
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
trendmicroworry-free_business_security_services
𝑥
< *
ADP
trendmicroapex_one
2019
ADP
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU90967486/
https://success.trendmicro.com/jp/solution/000294706
https://success.trendmicro.com/solution/000294994
https://jvn.jp/en/vu/JVNVU90967486/
https://success.trendmicro.com/jp/solution/000294706
https://success.trendmicro.com/solution/000294994
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41179