Uncontrolled Search Path Element Vulnerability in Trend Micro Password Manager
CVE-2022-26337

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Password Manager
Vendor: CVE Published:; 8 March 2022

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2022-26337?

The Trend Micro Password Manager (Consumer) versions up to and including 5.0.0.1262 are susceptible to an Uncontrolled Search Path Element vulnerability. This issue may allow an attacker to exploit the system by employing a specially crafted file, potentially leading to local privilege escalation on the affected device. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Trend Micro Password Manager 5.0.0.1262 and below

References

https://helpcenter.trendmicro.com/en-us/article/tmka-10954

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Mar 1, 2022