Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trendmicro | First view | 2022-01-20 |
| Product | Deep Security Agent | Last view | 2022-01-20 |
| Version | 11.0 | Type | Application |
| Update | update26 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | long_term_support | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:trendmicro:deep_security_agent | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2022-01-20 | CVE-2022-23120 | A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability. |
| 7.5 | 2022-01-20 | CVE-2022-23119 | A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
