CVE-2022-36336

Summary

A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Apex One2019 and SaaSaffected
Trend MicroTrend Micro Worry-Free Business Security10.0 SP1 and SaaSaffected

Weaknesses

  • Link Following LPE

ADP Enrichment

CVE Program Container

Additional References

References