Lucene search

[email protected]CVE-2022-41746

HistoryOct 10, 2022 - 9:15 p.m.

CVE-2022-41746

2022-10-1021:15:11

CWE-425

[email protected]

web.nvd.nist.gov

cve-2022-41746

trend micro

apex one

vulnerability

forced browsing

privilege escalation

agent groupings

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

trendmicroapex_oneMatch-saas

trendmicroapex_oneMatch2019

CPENameOperatorVersion
trendmicro:apex_onetrendmicro apex oneeq-
trendmicro:apex_onetrendmicro apex oneeq2019

CPE	Name	Operator	Version
trendmicro:apex_one	trendmicro apex one	eq	-
trendmicro:apex_one	trendmicro apex one	eq	2019

CNA Affected

[
  {
    "vendor": "Trend Micro",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "2019 (on-prem) and SaaS",
        "status": "affected"
      }
    ]
  }
]

References

success.trendmicro.com/solution/000291645

www.zerodayinitiative.com/advisories/ZDI-22-1403/

Social References

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

Related for CVE-2022-41746

zdi1 prion1 cvelist1 nvd1