JVNDB-2023-001291

[Japanese]
JVNDB-2023-001291
Multiple vulnerabilities in Trend Micro Maximum Security
Overview
Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.8 (High) [NVD Score] Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Trend Micro, Inc. Trend Micro Maximum Security 2022 Trend Micro Security 2022

Impact
Trend Micro Maximum Security 2022 * Arbitrary file deletion due to link interpretation problems during file access - CVE-2022-30687 * privilege escalation due to Time-of-check Time-of-use (TOCTOU) race condition vulnerability - CVE-2022-48191 Trend Micro Security 2022 * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 * Information disclosure due to an Out-Of-Bounds Read vulnerability - CVE-2022-35234, CVE-2022-37347, CVE-2022-37348
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer. The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.
Vendor Information
Trend Micro, Inc. Trend Micro Incorporated : Security Bulletin: Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability Trend Micro Incorporated : Security Bulletin: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability Trend Micro Incorporated : Security Bulletin: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability Trend Micro Incorporated : Security Bulletin: Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
CWE (What is CWE?)
Link Following(CWE-59) [NVD Evaluation] Out-of-bounds Read(CWE-125) [NVD Evaluation] Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367) [NVD Evaluation]
CVE (What is CVE?)
CVE-2022-30687 CVE-2022-34893 CVE-2022-35234 CVE-2022-37347 CVE-2022-37348 CVE-2022-48191
References
JVN : JVNVU#96882769 National Vulnerability Database (NVD) : CVE-2022-30687 National Vulnerability Database (NVD) : CVE-2022-34893 National Vulnerability Database (NVD) : CVE-2022-35234 National Vulnerability Database (NVD) : CVE-2022-37347 National Vulnerability Database (NVD) : CVE-2022-37348 National Vulnerability Database (NVD) : CVE-2022-48191
Revision History
[2023/03/03] Web page was published [2024/06/13] CVSS Severity was modified CWE were modified


Date Public	2023/03/01
Date First Published	2023/03/03
Date Last Updated	2024/06/13

Multiple vulnerabilities in Trend Micro Maximum Security