JVNDB-2023-001291

Multiple vulnerabilities in Trend Micro Maximum Security

Overview

Trend Micro Incorporated has released security updates for Trend Micro Maximum Security.

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

Trend Micro, Inc.
  • Trend Micro Maximum Security 2022
  • Trend Micro Security 2022

Impact

Trend Micro Maximum Security 2022

* Arbitrary file deletion due to link interpretation problems during file access - CVE-2022-30687
* Privilege escalation due to a Time-of-check Time-of-use (TOCTOU) race condition vulnerability - CVE-2022-48191

Trend Micro Security 2022

* Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893
* Information disclosure due to an Out-Of-Bounds Read vulnerability - CVE-2022-35234, CVE-2022-37347, CVE-2022-37348

Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.

Vendor Information

Trend Micro, Inc.

CWE

  1. Link Following (CWE-59) [NVD Evaluation]
  2. Out-of-bounds Read (CWE-125) [NVD Evaluation]
  3. Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) [NVD Evaluation]

CVE

  1. CVE-2022-30687
  2. CVE-2022-34893
  3. CVE-2022-35234
  4. CVE-2022-37347
  5. CVE-2022-37348
  6. CVE-2022-48191

References

  1. JVN : JVNVU#96882769
  2. National Vulnerability Database (NVD) : CVE-2022-30687
  3. National Vulnerability Database (NVD) : CVE-2022-34893
  4. National Vulnerability Database (NVD) : CVE-2022-35234
  5. National Vulnerability Database (NVD) : CVE-2022-37347
  6. National Vulnerability Database (NVD) : CVE-2022-37348
  7. National Vulnerability Database (NVD) : CVE-2022-48191

Revision History

  • [2023/03/03]
      Web page was published
  • [2024/06/13]
      CVSS Severity was modified
      CWE was modified