|
[Japanese]
|
JVNDB-2022-001948
|
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
|
|
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.2 (High) [NVD Score]
- Access Vector: Local
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
|
|
Trend Micro, Inc.
- Apex One 2019
- Apex One SaaS
|
|
|
* Privilege escalation and arbitrary DLL loading due to an incorrect permission assignment vulnerability
* Privilege escalation and arbitrary DLL loading due to an uncontrolled search path element vulnerability
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The issue in Apex One as a Service is fixed in the March 2022 updates.
|
|
Trend Micro, Inc.
|
|
- Incorrect Permission Assignment for Critical Resource(CWE-732) [NVD Evaluation]
- Uncontrolled Search Path Element(CWE-427) [NVD Evaluation]
|
|
- CVE-2022-30700
- CVE-2022-30701
|
|
- JVN : JVNVU#90675050
- National Vulnerability Database (NVD) : CVE-2022-30700
- National Vulnerability Database (NVD) : CVE-2022-30701
|
|
- [2022/06/03]
Web page was published
- [2024/06/18]
CVSS Severity was modified
CWE was modified
References : Contents were added
|
