Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation


Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc.
  • Apex One On Premise (2019)
  • Apex One as a Service
  • Worry-Free Business Security 10.0 SP1
  • Worry-Free Business Security Services


A non-administrative user of the system where the affected product is installed may obtain the administrative privilege.
For more information, refer to the information provided by the developer.

[Update Spyware pattern]
Update Spyware pattern to the latest version according to the information provided by the developer.
Spyware Pattern 25.27 and later that addresses this vulnerability is available and it is automatically applied through the product's automatic ActiveUpdate feature.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2022-36336

  1. JVN : JVNVU#96643038
  2. National Vulnerability Database (NVD) : CVE-2022-36336
Revision History

  • [2022/08/18]
      Web page was published