CVE-2023-41179

CVE Database · CVE-2023-41179

CVE-2023-41179

· HIGHAnalyzed

CVSS v3.1

7.2

EPSS

4.74%

Published

Sep 19, 2023

Modified

Oct 31, 2025

CISA Known Exploited Vulnerability

Added: 2023-09-21 · Due: 2023-10-12

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94CWE-94

Affected Products (5)

trendmicro · apex_onevulnerable

trendmicro · worry-free_business_securityvulnerable

trendmicro · worry-free_business_security_servicesvulnerable

microsoft · windows

References (7)

https://jvn.jp/en/vu/JVNVU90967486/

Third Party Advisory