CVE-2022-36336

Опубликовано: 30 июл. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.

Ссылки

https://success.trendmicro.com/solution/000291267
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1033/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/000291267
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1033/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*

cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

7.8 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

GHSA-j3r2-6983-xh2v