Vulnerability-Lookup

CVE-2022-41745 (GCVE-0-2022-41745)

Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 12:49

Summary

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity ?

No CVSS data available.

CWE

OOB Access

Assigner

trendmicro

References

URL

	Vendor	Product	Version
	Trend Micro	Trend Micro Apex One	Affected: 2019 (on-prem) and SaaS

CNVD-2022-87367

Vulnerability from cnvd - Published: 2022-12-14

Title

Trend Micro Apex One越界访问漏洞

Description

Trend Micro Apex One是美国趋势科技（Trend Micro）公司的一款终端防护软件。 Trend Micro Apex One 2019 (on-prem)、SaaS版本存在越界访问漏洞，攻击者可利用漏洞创建特制消息以导致特定服务进程的内存损坏，这可能导致本地权限提升。

Severity

低

Patch Name

Trend Micro Apex One越界访问漏洞的补丁

Patch Description

Trend Micro Apex One是美国趋势科技（Trend Micro）公司的一款终端防护软件。 Trend Micro Apex One 2019 (on-prem)、SaaS版本存在越界访问漏洞，攻击者可利用漏洞创建特制消息以导致特定服务进程的内存损坏，这可能导致本地权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://success.trendmicro.com/solution/000291645

Reference

https://success.trendmicro.com/solution/000291645

Impacted products

Name
['Trend Micro Apex One SaaS', 'Trend Micro Apex One 2019 (on-prem)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41745",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41745"
    }
  },
  "description": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\n\nTrend Micro Apex One 2019 (on-prem)\u3001SaaS\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u521b\u5efa\u7279\u5236\u6d88\u606f\u4ee5\u5bfc\u81f4\u7279\u5b9a\u670d\u52a1\u8fdb\u7a0b\u7684\u5185\u5b58\u635f\u574f\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://success.trendmicro.com/solution/000291645",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87367",
  "openTime": "2022-12-14",
  "patchDescription": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Apex One 2019 (on-prem)\u3001SaaS\u7248\u672c\u5b58\u5728\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u521b\u5efa\u7279\u5236\u6d88\u606f\u4ee5\u5bfc\u81f4\u7279\u5b9a\u670d\u52a1\u8fdb\u7a0b\u7684\u5185\u5b58\u635f\u574f\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Apex One\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Trend Micro Apex One SaaS",
      "Trend Micro Apex One 2019 (on-prem)"
    ]
  },
  "referenceLink": "https://success.trendmicro.com/solution/000291645",
  "serverity": "\u4f4e",
  "submitTime": "2022-10-12",
  "title": "Trend Micro Apex One\u8d8a\u754c\u8bbf\u95ee\u6f0f\u6d1e"
}

FKIE_CVE-2022-41745

Vulnerability from fkie_nvd - Published: 2022-10-10 21:15 - Updated: 2024-11-21 07:23

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@trendmicro.com	https://success.trendmicro.com/solution/000291645	Patch, Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-1401/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://success.trendmicro.com/solution/000291645	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-1401/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
trendmicro	apex_one	-
trendmicro	apex_one	2019
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*",
              "matchCriteriaId": "97D177B6-2542-4D3D-873D-0243DEE3F0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de acceso fuera de l\u00edmites en Trend Micro Apex One podr\u00eda permitir a un atacante local crear un mensaje especialmente dise\u00f1ado para causar la corrupci\u00f3n de la memoria en un determinado proceso de servicio que podr\u00eda conllevar a una escalada de privilegios local en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2022-41745",
  "lastModified": "2024-11-21T07:23:46.803",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-10T21:15:11.873",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2022-002544

Vulnerability from jvndb - Published: 2022-10-20 16:18 - Updated:2024-06-13 13:58

Severity ?

9.1 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Details

Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU97131578/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41744
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41745
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41746
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41747
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41748
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41749
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41744
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41745
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41746
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41747
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41748
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41749
	Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)	https://cwe.mitre.org/data/definitions/367.html
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Direct Request ('Forced Browsing')(CWE-425)	https://cwe.mitre.org/data/definitions/425.html
	Improper Certificate Validation(CWE-295)	https://cwe.mitre.org/data/definitions/295.html
	Incorrect Default Permissions(CWE-276)	https://cwe.mitre.org/data/definitions/276.html
	Origin Validation Error(CWE-346)	https://cwe.mitre.org/data/definitions/346.html

Impacted products

Vendor

Product

Trend Micro, Inc.

Apex One

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
  "dc:date": "2024-06-13T13:58+09:00",
  "dcterms:issued": "2022-10-20T16:18+09:00",
  "dcterms:modified": "2024-06-13T13:58+09:00",
  "description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:apex_one",
    "@product": "Apex One",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.1",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002544",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU97131578/index.html",
      "@id": "JVNVU#97131578",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41744",
      "@id": "CVE-2022-41744",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41745",
      "@id": "CVE-2022-41745",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41746",
      "@id": "CVE-2022-41746",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41747",
      "@id": "CVE-2022-41747",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41748",
      "@id": "CVE-2022-41748",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41749",
      "@id": "CVE-2022-41749",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41744",
      "@id": "CVE-2022-41744",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41745",
      "@id": "CVE-2022-41745",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41746",
      "@id": "CVE-2022-41746",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41747",
      "@id": "CVE-2022-41747",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41748",
      "@id": "CVE-2022-41748",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41749",
      "@id": "CVE-2022-41749",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/367.html",
      "@id": "CWE-367",
      "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/425.html",
      "@id": "CWE-425",
      "@title": "Direct Request (\u0027Forced Browsing\u0027)(CWE-425)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/295.html",
      "@id": "CWE-295",
      "@title": "Improper Certificate Validation(CWE-295)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/346.html",
      "@id": "CWE-346",
      "@title": "Origin Validation Error(CWE-346)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}

GSD-2022-41745

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41745

Aliases

CVE-2022-41745

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41745",
    "id": "GSD-2022-41745"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41745"
      ],
      "details": "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
      "id": "GSD-2022-41745",
      "modified": "2023-12-13T01:19:32.963967Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-41745",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Apex One",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2019 (on-prem) and SaaS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OOB Access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000291645",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000291645"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-41745"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000291645",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000291645"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-11T20:03Z",
      "publishedDate": "2022-10-10T21:15Z"
    }
  }
}

GHSA-MXGM-XW93-5M49

Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-12 12:00

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41745"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-mxgm-xw93-5m49",
  "modified": "2022-10-12T12:00:24Z",
  "published": "2022-10-11T12:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41745"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-884

Vulnerability from certfr_avis - Published: 2022-10-06 - Updated: 2022-10-06

De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Trend Micro	Apex One	Apex One (on-prem) versions antérieures à CP 11110/11102
	Trend Micro	Apex One	Apex One (SaaS) sans la mise à jour mensuelle de septembre 2022

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41745 (GCVE-0-2022-41745)

CNVD-2022-87367

FKIE_CVE-2022-41745

JVNDB-2022-002544

GSD-2022-41745

GHSA-MXGM-XW93-5M49

CERTFR-2022-AVI-884

Solution

Tags

Sightings

Nomenclature