Vulnerabilites related to trendmicro - maximum_security_2022
Vulnerability from fkie_nvd
Published
2023-06-26 22:15
Modified
2024-11-21 07:56
Severity ?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F9724-D955-435A-AA01-88DC5D097202",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98F87CB2-043E-4840-9BDB-94DEADDB45B5",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52BED273-F568-44A6-A4E6-EA47DEE456AA",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1356F4-D159-4B8B-826C-4924BD2704C2",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6FC368-0C19-4305-B795-C6B8D1762C04",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1430D6-5373-4B65-A178-3F9AA3BC59F7",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA389598-92CB-4FD5-8589-B4BDC8E6B304",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3517E4-310E-4018-8AAF-79276A1FBD27",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7CA3C-D4DF-4AAF-95FE-797B2D39A96D",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C50CA3-D54A-4C3D-9FE3-0CB2D112A488",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A9A81B-252B-463D-BD28-7EF505009468",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E3DEF9-B144-441A-8A00-BC1D4EAD9DB0",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"id": "CVE-2023-28929",
"lastModified": "2024-11-21T07:56:14.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-26T22:15:09.733",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-27 00:15
Modified
2024-11-21 07:03
Severity ?
Summary
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://helpcenter.trendmicro.com/en-us/article/tmka-11017 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-789/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpcenter.trendmicro.com/en-us/article/tmka-11017 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-789/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | maximum_security_2022 | 17.7 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2022:17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7225BF53-129A-4CB7-8E51-8556A81A61B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
},
{
"lang": "es",
"value": "Trend Micro Maximum Security 2022 es vulnerable a la siguiente vulnerabilidad que podr\u00eda permitir a un usuario local con pocos privilegios manipular la funci\u00f3n de borrado seguro del producto para eliminar archivos arbitrarios"
}
],
"id": "CVE-2022-30687",
"lastModified": "2024-11-21T07:03:10.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-27T00:15:08.333",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-20 07:15
Modified
2024-11-21 07:32
Severity ?
Summary
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://helpcenter.trendmicro.com/en-us/article/tmka-11252 | Patch, Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-23-053/ | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpcenter.trendmicro.com/en-us/article/tmka-11252 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-23-053/ | Patch, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | maximum_security_2022 | 17.7 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2022:17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7225BF53-129A-4CB7-8E51-8556A81A61B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en Trend Micro Maximum Security 2022 (17.7) en la que un usuario con pocos privilegios puede escribir un ejecutable malicioso conocido en una ubicaci\u00f3n espec\u00edfica y, en el proceso de eliminaci\u00f3n y restauraci\u00f3n, un atacante podr\u00eda reemplazar una carpeta original con un punto de montaje arbitrario. ubicaci\u00f3n, lo que permite una escalada de privilegios en un sistema afectado."
}
],
"id": "CVE-2022-48191",
"lastModified": "2024-11-21T07:32:57.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-20T07:15:12.010",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"source": "security@trendmicro.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-28929
Vulnerability from cvelistv5
Published
2023-06-26 21:52
Modified
2024-12-05 15:46
Severity ?
EPSS score ?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Security (Consumer) |
Version: 2023 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trend_micro_security",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:42:15.626436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:46:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:52:22.423Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-28929",
"datePublished": "2023-06-26T21:52:22.423Z",
"dateReserved": "2023-03-27T22:16:25.202Z",
"dateUpdated": "2024-12-05T15:46:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-48191
Vulnerability from cvelistv5
Published
2023-01-18 23:07
Modified
2024-08-03 15:10
Severity ?
EPSS score ?
Summary
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Maxium Security (Consumer) |
Version: 2022 (17.7) ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maxium Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7",
"status": "affected",
"version": "2022 (17.7)",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T05:13:20.976821Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-48191",
"datePublished": "2023-01-18T23:07:41.149Z",
"dateReserved": "2022-12-30T02:27:10.986Z",
"dateUpdated": "2024-08-03T15:10:59.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30687
Vulnerability from cvelistv5
Published
2022-05-26 23:25
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/tmka-11017 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-789/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Maximum Security |
Version: 2022 (17.7) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Maximum Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2022 (17.7)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T16:10:32",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-30687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Maximum Security",
"version": {
"version_data": [
{
"version_value": "2022 (17.7)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product\u0027s secure erase feature to delete arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-30687",
"datePublished": "2022-05-26T23:25:28",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}