CVE-2022-45797
Last modified
CVE-2022-45797 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Apex One | All versions |
| Trendmicro | Apex One | 2019 |
References
- https://success.trendmicro.com/solution/000291830Vendor Advisory
- https://success.trendmicro.com/solution/000291830Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-45797?
How severe is CVE-2022-45797?
How do I fix CVE-2022-45797?
Are you affected by CVE-2022-45797?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST