Trend Micro Released Security Updates – 09 October 2022

Trend Micro has released a new critical patch to address several vulnerabilities in Trend Micro Apex One SP1 and Apex One SaaS.

The released security updates resolve several vulnerabilities with severity ratings ranging from medium to critical. A remote attacker could exploit some of these vulnerabilities to gain privileged access to the affected system.

Samples of the addressed vulnerabilities:


1. Apex One Forced Browsing Privilege Escalation (CVE-2022-41746):

• CVSS: 9.1
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: High
• User Interaction: None
• Consequences: Gain Privileges


2. Apex One Security Agent Improper Certification Validation Privilege Escalation (CVE-2022-41747):

• CVSS: 7.8
• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Privileges

Vulnerabilities

• CVE-2022-41744
• CVE-2022-41745
• CVE-2022-41746
• CVE-2022-41747
• CVE-2022-41748
• CVE-2022-41749

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Trend Micro Advisory
