CVE-2022-36336

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*
cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:worry-free_business_security_services:-:*:*:*:saas:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-07-30 00:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-36336

Mitre link : CVE-2022-36336

CVE.ORG link : CVE-2022-36336


JSON object : View

Products Affected

trendmicro

  • apex_one
  • worry-free_business_security_services
  • worry-free_business_security

microsoft

  • windows
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')