Privilege escalation in Trend Micro Password Manager Installer
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-26337 |
| CWE-ID | CWE-428 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Password Manager Installer Other software / Other software solutions |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unquoted Search Path or Element
EUVDB-ID: #VU61038
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-26337
CWE-ID:
CWE-428 - Unquoted Search Path or Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to an uncontrolled search path element issue. A local attacker can use a specially crafted file to escalate privileges on the affected machine.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPassword Manager Installer: 5.0.0.1262
CPE2.3 External links
http://helpcenter.trendmicro.com/en-us/article/TMKA-10954
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
