1) Absolute Path Traversal

EUVDB-ID: #VU69908

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-45797

CWE-ID: CWE-36 - Absolute Path Traversal

Exploit availability: Yes

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to an error within the Damage Cleanup Engine component. A local user can delete arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - SP1 b11128

---

CPE2.3

• cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291830?language=en_US
http://i.blackhat.com/EU-22/Wednesday-Briefings/EU-22-Yair-Aikido-Turning-EDRs-to-Malicious-Wipers.pdf

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Link following

EUVDB-ID: #VU69909

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-45798

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to insecure symlink following issue in the Damage Cleanup Engine component. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apex One: 2019 - SP1 b11128

---

CPE2.3

• cpe:2.3:a:trend_micro:apex_one:SP1 b11128:*:*:*:*:*:*:*

External links

http://success.trendmicro.com/dcx/s/solution/000291830?language=en_US
http://www.zerodayinitiative.com/advisories/ZDI-22-1665/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?