CVE-2022-41746

critical

Description

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.

References

https://www.zerodayinitiative.com/advisories/ZDI-22-1403/

https://success.trendmicro.com/solution/000291645

Details

Source: Mitre, NVD

Published: 2022-10-10

Updated: 2022-10-11

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: Critical