CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30687 – Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-30687
26 May 2022 — Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. Trend Micro Maximum Security 2022 es vulnerable a la siguiente vulnerabilidad que podría permitir a un usuario local con pocos privilegios manipular la función de borrado seguro del producto para eliminar archivos arbitrarios This vulnerability allows local attackers to delete arbitrary files on affected ins... • https://helpcenter.trendmicro.com/en-us/article/tmka-11017 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26319
https://notcve.org/view.php?id=CVE-2022-26319
08 Mar 2022 — An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad del elemento de parche de búsqueda del instalador en Trend Micro Portable Security versiones 3.0 Pro, 3.0 y 2.0 podría ... • https://success.trendmicro.com/solution/000290531 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24678 – Trend Micro Apex One Security Agent Resource Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-24678
16 Feb 2022 — An security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow an attacker to flood a temporary log location and consume all disk space on affected installations. Una vulnerabilidad de denegación de servicio por agotamiento de recursos del agente de seguridad en los agentes Trend Micro Apex One, Trend Micro Apex One as a... • https://success.trendmicro.com/solution/000290464 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24679 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24679
16 Feb 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerabili... • https://success.trendmicro.com/solution/000290464 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-24680 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24680
16 Feb 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in ord... • https://success.trendmicro.com/solution/000290464 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23805 – Trend Micro Worry-Free Business Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-23805
31 Jan 2022 — A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información de lectura fuera de límites en Trend Micro Worry-Free Business Security Server podría permitir a un a... • https://success.trendmicro.com/solution/000290416 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 84EXPL: 1CVE-2022-23120
https://notcve.org/view.php?id=CVE-2022-23120
20 Jan 2022 — A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability. Una vulnerabilidad de inyección de código en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versión 20 y an... • https://success.trendmicro.com/solution/000290104 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 3%CPEs: 84EXPL: 1CVE-2022-23119
https://notcve.org/view.php?id=CVE-2022-23119
20 Jan 2022 — A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability. Una vulnerabilidad de salto de directorio en Trend Micro Deep Security y Cloud One - Workload Security... • https://success.trendmicro.com/solution/000290104 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45231 – Trend Micro Apex One Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45231
06 Jan 2022 — A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalada de privilegios... • https://success.trendmicro.com/solution/000289996 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-45441 – Trend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45441
06 Jan 2022 — A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de error de comprobación de origen en Trend Micro Apex One (on-prem y SaaS) podría permitir a un atacante ... • https://success.trendmicro.com/solution/000289996 • CWE-346: Origin Validation Error •