9.1

CVE-2022-41746

EPSS 0.62%
Veröffentlicht 10.10.2022 21:15:11
Zuletzt bearbeitet 21.11.2024 07:23:46
Quelle security@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Apex One Version- SwEditionsaas

Microsoft ≫ Windows Version-

Trendmicro ≫ Apex One Version2019

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.69

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://success.trendmicro.com/solution/000291645

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-22-1403/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-41746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41746

EUVD