Vulnerability-Lookup

CVE-2022-41744 (GCVE-0-2022-41744)

Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 12:49

Summary

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Severity ?

No CVSS data available.

CWE

Time-of-Check Time-of-Use LPE

Assigner

trendmicro

References

URL

	Vendor	Product	Version
	Trend Micro	Trend Micro Apex One	Affected: 2019 (on-prem) and SaaS

FKIE_CVE-2022-41744

Vulnerability from fkie_nvd - Published: 2022-10-10 21:15 - Updated: 2024-11-21 07:23

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@trendmicro.com	https://success.trendmicro.com/solution/000291645	Patch, Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-1404/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://success.trendmicro.com/solution/000291645	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-1404/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
trendmicro	apex_one	-
trendmicro	apex_one	2019
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*",
              "matchCriteriaId": "97D177B6-2542-4D3D-873D-0243DEE3F0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad del componente integrado Trend Micro Apex One Vulnerability Protection podr\u00eda permitir a un atacante local escalar privilegios y convertir un directorio de trabajo espec\u00edfico en un punto de montaje en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2022-41744",
  "lastModified": "2024-11-21T07:23:46.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-10T21:15:11.823",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2022-87350

Vulnerability from cnvd - Published: 2022-12-14

Title

Trend Micro Apex One权限提升漏洞

Description

Trend Micro Apex One是美国趋势科技（Trend Micro）公司的一款终端防护软件。 Trend Micro Apex One 2019 (on-prem)、SaaS版本存在权限提升漏洞，该漏洞源于Vulnerability Protection Service检查时间使用本地时间，攻击者可利用漏洞提升权限并将特定工作目录变成受影响安装的挂载点。

Severity

中

Patch Name

Trend Micro Apex One权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://success.trendmicro.com/solution/000291645

Reference

https://success.trendmicro.com/solution/000291645

Impacted products

Name
['Trend Micro Apex One SaaS', 'Trend Micro Apex One 2019 (on-prem)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41744",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41744"
    }
  },
  "description": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\n\nTrend Micro Apex One 2019 (on-prem)\u3001SaaS\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVulnerability Protection Service\u68c0\u67e5\u65f6\u95f4\u4f7f\u7528\u672c\u5730\u65f6\u95f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u5c06\u7279\u5b9a\u5de5\u4f5c\u76ee\u5f55\u53d8\u6210\u53d7\u5f71\u54cd\u5b89\u88c5\u7684\u6302\u8f7d\u70b9\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://success.trendmicro.com/solution/000291645",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-87350",
  "openTime": "2022-12-14",
  "patchDescription": "Trend Micro Apex One\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7ec8\u7aef\u9632\u62a4\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Apex One 2019 (on-prem)\u3001SaaS\u7248\u672c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eVulnerability Protection Service\u68c0\u67e5\u65f6\u95f4\u4f7f\u7528\u672c\u5730\u65f6\u95f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u5c06\u7279\u5b9a\u5de5\u4f5c\u76ee\u5f55\u53d8\u6210\u53d7\u5f71\u54cd\u5b89\u88c5\u7684\u6302\u8f7d\u70b9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Apex One\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Trend Micro Apex One SaaS",
      "Trend Micro Apex One 2019 (on-prem)"
    ]
  },
  "referenceLink": "https://success.trendmicro.com/solution/000291645",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-12",
  "title": "Trend Micro Apex One\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

JVNDB-2022-002544

Vulnerability from jvndb - Published: 2022-10-20 16:18 - Updated:2024-06-13 13:58

Severity ?

9.1 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Details

Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU97131578/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41744
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41745
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41746
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41747
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41748
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-41749
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41744
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41745
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41746
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41747
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41748
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41749
	Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)	https://cwe.mitre.org/data/definitions/367.html
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Direct Request ('Forced Browsing')(CWE-425)	https://cwe.mitre.org/data/definitions/425.html
	Improper Certificate Validation(CWE-295)	https://cwe.mitre.org/data/definitions/295.html
	Incorrect Default Permissions(CWE-276)	https://cwe.mitre.org/data/definitions/276.html
	Origin Validation Error(CWE-346)	https://cwe.mitre.org/data/definitions/346.html

Impacted products

Vendor

Product

Trend Micro, Inc.

Apex One

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
  "dc:date": "2024-06-13T13:58+09:00",
  "dcterms:issued": "2022-10-20T16:18+09:00",
  "dcterms:modified": "2024-06-13T13:58+09:00",
  "description": "Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002544.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:apex_one",
    "@product": "Apex One",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "9.1",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002544",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU97131578/index.html",
      "@id": "JVNVU#97131578",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41744",
      "@id": "CVE-2022-41744",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41745",
      "@id": "CVE-2022-41745",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41746",
      "@id": "CVE-2022-41746",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41747",
      "@id": "CVE-2022-41747",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41748",
      "@id": "CVE-2022-41748",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-41749",
      "@id": "CVE-2022-41749",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41744",
      "@id": "CVE-2022-41744",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41745",
      "@id": "CVE-2022-41745",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41746",
      "@id": "CVE-2022-41746",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41747",
      "@id": "CVE-2022-41747",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41748",
      "@id": "CVE-2022-41748",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-41749",
      "@id": "CVE-2022-41749",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/367.html",
      "@id": "CWE-367",
      "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/425.html",
      "@id": "CWE-425",
      "@title": "Direct Request (\u0027Forced Browsing\u0027)(CWE-425)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/295.html",
      "@id": "CWE-295",
      "@title": "Improper Certificate Validation(CWE-295)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/346.html",
      "@id": "CWE-346",
      "@title": "Origin Validation Error(CWE-346)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service"
}

GSD-2022-41744

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41744

Aliases

CVE-2022-41744

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41744",
    "id": "GSD-2022-41744"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41744"
      ],
      "details": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
      "id": "GSD-2022-41744",
      "modified": "2023-12-13T01:19:33.182523Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-41744",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Apex One",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2019 (on-prem) and SaaS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Time-of-Check Time-of-Use LPE"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000291645",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000291645"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-41744"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-367"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000291645",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000291645"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-11T20:14Z",
      "publishedDate": "2022-10-10T21:15Z"
    }
  }
}

GHSA-8439-JWP7-67HH

Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-12 12:00

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-8439-jwp7-67hh",
  "modified": "2022-10-12T12:00:23Z",
  "published": "2022-10-11T12:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41744"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000291645"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1404"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2022-AVI-884

Vulnerability from certfr_avis - Published: 2022-10-06 - Updated: 2022-10-06

De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Trend Micro	Apex One	Apex One (on-prem) versions antérieures à CP 11110/11102
	Trend Micro	Apex One	Apex One (SaaS) sans la mise à jour mensuelle de septembre 2022

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41744 (GCVE-0-2022-41744)

FKIE_CVE-2022-41744

CNVD-2022-87350

JVNDB-2022-002544

GSD-2022-41744

GHSA-8439-JWP7-67HH

CERTFR-2022-AVI-884

Solution

Tags

Sightings

Nomenclature