CVE-2022-24680

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One versions 10.0 SP1 and earlier Trend Micro Apex One as a Service versions prior to the fixed version Trend Micro Worry-Free Business Security 10.0 SP1 and earlier Trend Micro Worry-Free Business Security Services agents versions prior to the fixed version

Description A local privilege escalation vulnerability could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Recommendations For Trend Micro Apex One version 10.0 SP1, update to a version that includes the fix for this issue. For Trend Micro Apex One as a Service, update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security 10.0 SP1, update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security Services agents, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.