Vulnerability Details : CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.
Products affected by CVE-2022-41746
- cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:apex_one:-:*:*:*:saas:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-41746
- Probability of exploitation activity in the next 30 days: 0.15%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~37%
CVSS scores for CVE-2022-41746
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 | NIST | |
CWE ids for CVE-2022-41746
- The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-41746
- https://success.trendmicro.com/solution/000291645
  Case Solution (Patch; Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-22-1403/
  ZDI-22-1403 | Zero Day Initiative (Third Party Advisory; VDB Entry)