PT-2022-18998 · Trend Micro · Trend Micro Password Manager

Eiji James Yoshida

Published

2022-05-26

Updated

2022-06-08

CVE-2022-28394

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below

Description The issue is related to the DLL search path in the installer, which may lead to insecurely loading Dynamic Link Libraries. This was reported on an end-of-life version of the product.

Recommendations For versions 3.7.0.1223 and below, upgrade to the latest supported version (5.x) to resolve the issue.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2022-28394

Affected Products

Trend Micro Password Manager

PT-2022-18998 · Trend Micro · Trend Micro Password Manager

CVE-2022-28394

Weakness Enumeration

Related Identifiers

Affected Products

References · 6