JVNDB-2022-002448

[Japanese]
JVNDB-2022-002448
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
Overview
Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products
Windows-based agents of the following products are affected by these vulnerabilities.
Trend Micro, Inc. Cloud One Workload Security Version 20 Deep Security Agent Version 20

Impact
* Information disclosure due to an Out-Of-Bounds Read vulnerabilities * Privilege escalation due to link following vulnerability
Solution
[Apply the patch] Apply the appropriate patch according to the information provided by the developer.
Vendor Information
Trend Micro, Inc. Trend Micro Incorporated : SECURITY BULLETIN: September 2022 Security Bulletin for Trend Micro Deep Security 20 and Cloud One - Workload Security Agents
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2022-40707 CVE-2022-40708 CVE-2022-40709 CVE-2022-40710
References
JVN : JVNVU#99960963 National Vulnerability Database (NVD) : CVE-2022-40707 National Vulnerability Database (NVD) : CVE-2022-40708 National Vulnerability Database (NVD) : CVE-2022-40709 National Vulnerability Database (NVD) : CVE-2022-40710
Revision History
[2022/10/11] Web page was published

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows