Multiple Vulnerabilities in Trend Micro Apex One
Indian - Computer Emergency Response Team (cert-in.org.in)
Severity Rating: HIGH
Software Affected
Trend Micro Apex One - 2019 (On-prem)
Trend Micro Apex One as a Service (SaaS)
Overview
Multiple
vulnerabilities have been reported in Trend Micro Apex One, which could
allow an attacker to access sensitive information, gain elevated
privileges or bypass security restrictions on the targeted system.
Description
1. Information Disclosure Vulnerabilities ( CVE-2022-44647 CVE-2022-44648 )
These
vulnerabilities exist in Trend Micro Apex One and Apex One as a Service
due to an out-of-bounds read error. Successful exploitation of these
vulnerabilities could allow a local attacker to disclose sensitive
information of the targeted system.
2. Privilege Escalation Vulnerabilities ( CVE-2022-44649 CVE-2022-44650 CVE-2022-44651 CVE-2022-44652 CVE-2022-44653 )
These
vulnerabilities exist in Trend Micro Apex One and Apex One as a Service
due to an out-of-bounds access error, memory corruption error in the
Unauthorized Change Prevention service, a Time-of-Check Time-Of-Use
error, improper handling of exceptional conditions, or directory
traversal error. Successful exploitation of these vulnerabilities could
allow a local attacker to gain escalated privileges on the targeted
system.
3. Security Bypass Vulnerability ( CVE-2022-44654 )
This
vulnerability exists in the monitor engine component of Trend Micro
Apex One and Apex One as a Service which is complied without the
/SAFESEH memory protection mechanism. An attacker could exploit this
vulnerability by sending malicious payloads to the affected system.
Successful exploitation of this vulnerability could allow the attacker
to bypass security restrictions on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
Vendor Information
Trend Micro
References
Trend Micro
CVE Name
CVE-2022-44647
CVE-2022-44648
CVE-2022-44649
CVE-2022-44650
CVE-2022-44651
CVE-2022-44652
CVE-2022-44653
CVE-2022-44654
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.