CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30700 – Trend Micro Apex One Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30700
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de asignación de permisos incorrecta en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local cargar una DLL con privilegios escalados en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://success.trendmicro.com/solution/000291008 https://www.zerodayinitiative.com/advisories/ZDI-22-790 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30701 – Trend Micro Apex One Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-30701
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de elemento de ruta de búsqueda no controlada en Trend Micro Apex One y Apex One as a Service podría permitir a un atacante local elaborar un archivo de configuración especial para cargar una biblioteca no fiable con privilegios escalados en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. • https://success.trendmicro.com/solution/000291008 https://www.zerodayinitiative.com/advisories/ZDI-22-797 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 18%CPEs: 2EXPL: 0CVE-2022-26871 – Trend Micro Apex Central Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-26871
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. Una vulnerabilidad de carga de archivos arbitrarios en Trend Micro Apex Central podría permitir a un atacante remoto no autenticado cargar un archivo arbitrario que podría conllevar a una ejecución de código remota An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. • https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435 https://jvn.jp/vu/JVNVU99107357 https://success.trendmicro.com/jp/solution/000290660 https://success.trendmicro.com/solution/000290678 https://www.jpcert.or.jp/english/at/2022/at220008.html • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24679 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24679
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios local en los agentes Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security versión 10.0 SP1 y Trend Micro Worry-Free Business Security Services podría permitir a un atacante local crear una carpeta con capacidad de escritura en una ubicación arbitraria y escalar los privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NT Apex One RealTime Scan Service. • https://success.trendmicro.com/solution/000290464 https://success.trendmicro.com/solution/000290486 https://www.zerodayinitiative.com/advisories/ZDI-22-370 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24680 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24680
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios local en los agentes Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security versión 10.0 SP1 y Trend Micro Worry-Free Business Security Services podría permitir a un atacante local crear un punto de montaje y aprovecharlo para la eliminación arbitraria de carpetas, conllevando a una escalada de privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NT Apex One RealTime Scan Service. • https://success.trendmicro.com/solution/000290464 https://success.trendmicro.com/solution/000290486 https://www.zerodayinitiative.com/advisories/ZDI-22-369 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •