|
[Japanese]
|
JVNDB-2022-002836
|
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
|
|
Trend Micro Incorporated has released security updates for Apex One and Apex One as a Service.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Trend Micro, Inc.
- Apex One On Premise (2019)
- Apex One as a Service
|
|
|
* Privilege escalation and file deletion in Damage Cleanup Engine component
* Privilege escalation due to a link following vulnerability in Damage Cleanup Engine component
|
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released the following patch to fix these vulnerabilities.
* Trend Micro Apex One On Premise (2019) Service Pack 1 Critical Patch b11136
The issues in Trend Micro Apex One as a Service are already fixed in November 2022 updates (Agent 14.0.11840).
[Apply the Workaround]
Applying the following workaround may mitigate the impact of these vulnerabilities.
* Permit access to the product only from the trusted network
|
|
Trend Micro, Inc.
|
|
- Link Following(CWE-59) [NVD Evaluation]
- No Mapping(CWE-noinfo) [NVD Evaluation]
|
|
- CVE-2022-45797
- CVE-2022-45798
|
|
- JVN : JVNVU#96679793
- JVN : JVNVU#91848962
- National Vulnerability Database (NVD) : CVE-2022-45797
- National Vulnerability Database (NVD) : CVE-2022-45798
|
|
- [2022/12/26]
Web page was published
- [2023/02/22]
References : Contents were added
- [2024/05/30]
CVSS Severity was modified
References : Contents were added
|
