{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T08:20:42.845","vulnerabilities":[{"cve":{"id":"CVE-2023-52094","sourceIdentifier":"security@trendmicro.com","published":"2024-01-23T21:15:09.293","lastModified":"2025-06-20T19:15:27.507","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."},{"lang":"es","value":"Una vulnerabilidad de updater link following en el agente Trend Micro Apex One podría permitir que un atacante local abuse del actualizador para eliminar una carpeta arbitraria, lo que provocaría una escalada de privilegios locales en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:apex_one:*:*:*:*:saas:*:*:*","versionEndExcluding":"14.0.12849","matchCriteriaId":"A9E837BF-EABA-4A51-83D8-831044DA1AEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:apex_one:2019:-:*:*:*:*:*:*","matchCriteriaId":"219071B9-2D31-4E7F-A0AD-769FE0243B35"}]}]}],"references":[{"url":"https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US","source":"security@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-028/","source":"security@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-24-028/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}