[Japanese]

JVNDB-2022-001948

Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service

Overview

Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Apex One 2019
  • Apex One SaaS

Impact

* Privilege escalation and arbitrary DLL loading due to an incorrect permission assignment vulnerability
* Privilege escalation and arbitrary DLL loading due to an uncontrolled search path element vulnerability
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The issue in Apex One as a Service is fixed in the March 2022 updates.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2022-30700
  2. CVE-2022-30701
References

  1. JVN : JVNVU#90675050
Revision History

  • [2022/06/03]
      Web page was published

Date Public2022/06/02
Date First Published2022/06/03
Date Last Updated2022/06/03