[Japanese]

JVNDB-2022-002265

Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation

Overview

Trend Micro Incorporated has released security updates for Endpoint security products for enterprises.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Trend Micro, Inc.
  • Apex One On Premise (2019)
  • Apex One as a Service
  • Worry-Free Business Security 10.0 SP1
  • Worry-Free Business Security Services

Impact

A non-administrative user of the system where the affected product is installed may obtain the administrative privilege.
For more information, refer to the information provided by the developer.
Solution

[Update Spyware pattern]
Update Spyware pattern to the latest version according to the information provided by the developer.
Spyware Pattern 25.27 and later that addresses this vulnerability is available and it is automatically applied through the product's automatic ActiveUpdate feature.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Link Following(CWE-59) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2022-36336
References

  1. JVN : JVNVU#96643038
  2. National Vulnerability Database (NVD) : CVE-2022-36336
Revision History

  • [2022/08/18]
      Web page was published
  • [2024/06/14]
      CVSS Severity was modified
      CWE was modified

Date Public2022/08/17
Date First Published2022/08/18
Date Last Updated2024/06/14