- 263/2022
- High
Trend Micro has released new patches to address several vulnerabilities in Trend Micro Apex One and Apex One as a Service.
The released security updates resolve several vulnerabilities having severity ratings from medium to high. The attacker could exploit some of these vulnerabilities to obtain sensitive information or gain privileged access on the affected system.
Samples of the addressed vulnerabilities:
- Security Agent Time-of-Check Time-of-Use Privilege Escalation Vulnerability (CVE-2022-44651):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
- Improper Handling of Exceptional Conditions Privilege Escalation Vulnerability (CVE-2022-44652):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2022-44647
- CVE-2022-44648
- CVE-2022-44649
- CVE-2022-44650
- CVE-2022-44651
- CVE-2022-44652
- CVE-2022-44653
- CVE-2022-44654
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
https://success.trendmicro.com/dcx/s/solution/000291770?language=en_US