[Japanese]

JVNDB-2022-002295

Multiple vulnerabilities in Trend Micro Security

Overview

Trend Micro Incorporated has released security updates for Trend Micro Security.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-30703


CVSS V3 Severity:
Base Metrics:5.5 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-30702
Affected Products


Trend Micro, Inc.
  • Trend Micro Security 2022
  • Trend Micro Security 2021

Impact

Trend Micro Security 2022

* Information disclosure due to an Out-Of-Bounds Read vulnerability
* Information disclosure and privilege escalation due to an exposed dangerous method vulnerability

Trend Micro Security 2021

* Information disclosure and privilege escalation due to an exposed dangerous method vulnerability
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Out-of-bounds Read(CWE-125) [NVD Evaluation]
  2. No Mapping(CWE-noinfo) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2022-30702
  2. CVE-2022-30703
References

  1. JVN : JVNVU#93109244
  2. National Vulnerability Database (NVD) : CVE-2022-30702
  3. National Vulnerability Database (NVD) : CVE-2022-30703
Revision History

  • [2022/08/19]
      Web page was published