CVE-2022-26337

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.2%
top 54.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trendmicro Password ManagerTrend Micro Trend Micro Password Manager
Timeline
PublishedMar 8
Latest updateMar 9

Description

Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/password_manager< 5.0.0.1266
CVEListV5trend_micro/trend_micro_password_manager5.0.0.1262 and below

Patches

Patch: helpcenter.trendmicro.comPatch: helpcenter.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-ggw3-7qwx-v9j9: Trend Micro Password Manager (Consumer) installer version 52022-03-09
CVEList
CVE-2022-26337: Trend Micro Password Manager (Consumer) installer version 52022-03-08
CVE-2022-26337 (HIGH CVSS 7.8) | Trend Micro Password Manager (Consu | cvebase.io