CVE-2022-23119

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

1.2%

top 20.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Deep Security Agent Trend Micro Trend Micro Deep Security Agent FOR Linux

Timeline

PublishedJan 20

Latest updateJan 21

Description

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_deep_security_agent_for_linux20, 12, 11, 10

▶NVDtrendmicro/deep_security_agent20.0 — 20.0.0-3445+3

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-rhw6-mfvp-rwr4: A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an↗2022-01-21

▶

CVEList

CVE-2022-23119: A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an↗2022-01-20

▶