Primary

Context

Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability

Vulnerability

Patched

A Server-side Request Forgery (SSRF) vulnerability has been identified in the modOSCE component of Trend Micro Apex Central (on-premise) versions prior to build 6955. This vulnerability allows attackers to manipulate certain parameters, potentially leading to unauthorized information disclosure on affected installations.

Impact

Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive information from the affected Apex Central installation.

Remediation

Users of Trend Micro Apex Central (on-premise) should update to build 6955. For those using Apex Central (SaaS), the March 2025 Monthly Maintenance Release addresses this vulnerability.

Added: Jun 17, 2025, 8:24 PM

Updated: Jun 17, 2025, 8:58 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trend Micro Apex Central modOSCE Server-Side Request Forgery Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Trend Micro Apex Central

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating