[Japanese]

JVNDB-2022-001809

Trend Micro Password Manager vulnerable to privilege escalation

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager.

Trend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.2 (High) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Trend Micro, Inc.
  • Password Manager for Windows 5.0.0.1266 and earlier

Impact

A non-administrative user of the system where the affected product is installed may obtain the administrative privilege. As a result, arbitrary code may be executed on the system.
For more information, refer to the information provided by the developer.
Solution

[Update the Software]
Update the Software to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's automatic update mechanism.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Link Following(CWE-59) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2022-30523
References

  1. JVN : JVNVU#92641706
  2. National Vulnerability Database (NVD) : CVE-2022-30523
Revision History

  • [2022/05/24]
      Web page was published
  • [2024/06/18]
      CVSS Severity was modified
      CWE was modified
      References : Content was added

Date Public2022/05/23
Date First Published2022/05/24
Date Last Updated2024/06/18