CVE-2022-45798

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified)

Description A link following vulnerability in the Damage Cleanup Engine component could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue.

Recommendations For Trend Micro Apex One, consider restricting access to the Damage Cleanup Engine component until a patch is available. For Trend Micro Apex One as a Service, consider disabling the Damage Cleanup Engine component temporarily to minimize the risk of exploitation. As a temporary workaround, avoid using the Damage Cleanup Engine component in situations where low-privileged code execution is possible, until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.