Local Privilege Escalation Vulnerability in Trend Micro Apex One and Worry-Free Business Security
CVE-2022-36336

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex One; Trend Micro Worry-free Business Security
Vendor: CVE Published:; 30 July 2022

Summary

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents allows local attackers to escalate their privileges on affected installations. This could lead to unauthorized access or manipulation of sensitive information. Trend Micro has resolved this issue through an automatic update via ActiveUpdate, ensuring that customers running the latest detection patterns remain protected without requiring further action.

Affected Version(s)

Trend Micro Apex One 2019 and SaaS

Trend Micro Worry-Free Business Security 10.0 SP1 and SaaS

References

https://success.trendmicro.com/solution/000291267

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-22-1033/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2022
Vulnerability Reserved
Jul 20, 2022