Auto-merge PR#7608

2025-08-04 08:44:25 +00:00 · 2022-10-10 16:45:24 -04:00 · 2022-10-10 16:45:24 -04:00 · 2b719ae5f0
commit 2b719ae5f0
parent 942088597f 175f51b54a
6 changed files with 369 additions and 102 deletions
--- a/2022/41xxx/CVE-2022-41744.json
+++ b/2022/41xxx/CVE-2022-41744.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41744",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41744",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Time-of-Check Time-of-Use LPE"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-1404/"
+			}
+		]
+	}
+}
--- a/2022/41xxx/CVE-2022-41745.json
+++ b/2022/41xxx/CVE-2022-41745.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41745",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41745",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "OOB Access"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-1401/"
+			}
+		]
+	}
+}
--- a/2022/41xxx/CVE-2022-41746.json
+++ b/2022/41xxx/CVE-2022-41746.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41746",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41746",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings.\r\n\r\nPlease note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Forced Browsing LPE"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-1403/"
+			}
+		]
+	}
+}
--- a/2022/41xxx/CVE-2022-41747.json
+++ b/2022/41xxx/CVE-2022-41747.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41747",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41747",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Improper Certification Validation"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-1402/"
+			}
+		]
+	}
+}
--- a/2022/41xxx/CVE-2022-41748.json
+++ b/2022/41xxx/CVE-2022-41748.json
@ -1,18 +1,60 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41748",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41748",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations.\r\n\r\nPlease note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Registry Permissions"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			}
+		]
+	}
+}
--- a/2022/41xxx/CVE-2022-41749.json
+++ b/2022/41xxx/CVE-2022-41749.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41749",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2022-41749",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Apex One",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (on-prem) and SaaS"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Origin Validation Error"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://success.trendmicro.com/solution/000291645"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-1400/"
+			}
+		]
+	}
+}