All the vulnerabilites related to Trend Micro, Inc. - Password Manager
jvndb-2022-001404
Vulnerability from jvndb
Published
2022-03-11 15:55
Modified
2022-03-11 15:55
Severity ?
Summary
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Details
Trend Micro Incorporated has released a security update for Trend Micro Password Manager.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU96777901/index.html | |
| JVN | https://jvn.jp/en/ta/JVNTA91240916/ | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-26337 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-26337 | |
| Uncontrolled Search Path Element(CWE-427) | https://cwe.mitre.org/data/definitions/427.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001404.html",
"dc:date": "2022-03-11T15:55+09:00",
"dcterms:issued": "2022-03-11T15:55+09:00",
"dcterms:modified": "2022-03-11T15:55+09:00",
"description": "Trend Micro Incorporated has released a security update for Trend Micro Password Manager.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001404.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001404",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96777901/index.html",
"@id": "JVNVU#96777901",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-26337",
"@id": "CVE-2022-26337",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26337",
"@id": "CVE-2022-26337",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/427.html",
"@id": "CWE-427",
"@title": "Uncontrolled Search Path Element(CWE-427)"
}
],
"title": "Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries"
}
jvndb-2020-000004
Vulnerability from jvndb
Published
2020-01-17 15:01
Modified
2020-01-17 15:01
Severity ?
Summary
Trend Micro Password Manager vulnerable to information disclosure
Details
Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability (CWE-200).
Under certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done.
Note that this vulnerability is different from JVN#37183636.
BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN49593434/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15625 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2019-15625 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000004.html",
"dc:date": "2020-01-17T15:01+09:00",
"dcterms:issued": "2020-01-17T15:01+09:00",
"dcterms:modified": "2020-01-17T15:01+09:00",
"description": "Password Manager provided by Trend Micro Incorporated contains an information disclosure vulnerability (CWE-200).\r\nUnder certain conditions, the information ID, password etc. managed by Password Manager are kept on the memory in plaintext. They may be retrieved when the memory scan is done.\r\n\r\nNote that this vulnerability is different from JVN#37183636.\r\n\r\nBlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000004.html",
"sec:cpe": [
{
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "1.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000004",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49593434/index.html",
"@id": "JVN#49593434",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15625",
"@id": "CVE-2019-15625",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-15625",
"@id": "CVE-2019-15625",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Trend Micro Password Manager vulnerable to information disclosure"
}
jvndb-2022-000032
Vulnerability from jvndb
Published
2022-05-11 15:21
Modified
2024-06-18 17:46
Severity ?
Summary
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Details
Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000032.html",
"dc:date": "2024-06-18T17:46+09:00",
"dcterms:issued": "2022-05-11T15:21+09:00",
"dcterms:modified": "2024-06-18T17:46+09:00",
"description": "Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000032.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000032",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN60037444/index.html",
"@id": "JVN#60037444",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-28394",
"@id": "CVE-2022-28394",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28394",
"@id": "CVE-2022-28394",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries"
}
jvndb-2020-000005
Vulnerability from jvndb
Published
2020-01-17 15:08
Modified
2020-01-17 15:08
Severity ?
Summary
Trend Micro Password Manager vulnerable to information disclosure
Details
Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation.
The generated private key is not properly protected and any non-administrative user can retrieve the private key (CWE-200).
Note that this vulnerability is different from JVN#49593434.
BlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN37183636/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19696 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2019-19696 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000005.html",
"dc:date": "2020-01-17T15:08+09:00",
"dcterms:issued": "2020-01-17T15:08+09:00",
"dcterms:modified": "2020-01-17T15:08+09:00",
"description": "Password Manager provided by Trend Micro Incorporated generates a key pair and a root certificate on product installation.\r\nThe generated private key is not properly protected and any non-administrative user can retrieve the private key (CWE-200).\r\n\r\nNote that this vulnerability is different from JVN#49593434.\r\n\r\nBlackWingCat of PinkFlyingWhale reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000005.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "1.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000005",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37183636/index.html",
"@id": "JVN#37183636",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19696",
"@id": "CVE-2019-19696",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-19696",
"@id": "CVE-2019-19696",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Trend Micro Password Manager vulnerable to information disclosure"
}
jvndb-2022-001809
Vulnerability from jvndb
Published
2022-05-24 15:27
Modified
2024-06-18 17:52
Severity ?
Summary
Trend Micro Password Manager vulnerable to privilege escalation
Details
Trend Micro Incorporated has released a security update for Trend Micro Password Manager.
Trend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001809.html",
"dc:date": "2024-06-18T17:52+09:00",
"dcterms:issued": "2022-05-24T15:27+09:00",
"dcterms:modified": "2024-06-18T17:52+09:00",
"description": "Trend Micro Incorporated has released a security update for Trend Micro Password Manager.\r\n\r\nTrend Micro Incorporated reported the vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001809.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-001809",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU92641706/index.html",
"@id": "JVNVU#92641706",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30523",
"@id": "CVE-2022-30523",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30523",
"@id": "CVE-2022-30523",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-59",
"@title": "Link Following(CWE-59)"
}
],
"title": "Trend Micro Password Manager vulnerable to privilege escalation"
}
jvndb-2021-001968
Vulnerability from jvndb
Published
2021-07-06 16:08
Modified
2021-07-06 16:08
Severity ?
Summary
Multiple vulnerabilities in Trend Micro Password Manager
Details
Trend Micro Incorporated has released a security update for Trend Micro Password Manager.
Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU93149000/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32461 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32462 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32461 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-32462 | |
| Incorrect Conversion between Numeric Types(CWE-681) | http://cwe.mitre.org/data/definitions/681.html | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001968.html",
"dc:date": "2021-07-06T16:08+09:00",
"dcterms:issued": "2021-07-06T16:08+09:00",
"dcterms:modified": "2021-07-06T16:08+09:00",
"description": "Trend Micro Incorporated has released a security update for Trend Micro Password Manager.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001968.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-001968",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93149000/",
"@id": "JVNVU#93149000",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32461",
"@id": "CVE-2021-32461",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32462",
"@id": "CVE-2021-32462",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32461",
"@id": "CVE-2021-32461",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32462",
"@id": "CVE-2021-32462",
"@source": "NVD"
},
{
"#text": "http://cwe.mitre.org/data/definitions/681.html",
"@id": "CWE-681",
"@title": "Incorrect Conversion between Numeric Types(CWE-681)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Trend Micro Password Manager"
}
jvndb-2021-001374
Vulnerability from jvndb
Published
2021-04-20 12:25
Modified
2021-04-20 12:25
Severity ?
Summary
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Details
Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU98074915/index.html | |
| JVN | https://jvn.jp/en/ta/JVNTA91240916/ | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28647 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-28647 | |
| Uncontrolled Search Path Element(CWE-427) | https://cwe.mitre.org/data/definitions/427.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Trend Micro, Inc. | Password Manager |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001374.html",
"dc:date": "2021-04-20T12:25+09:00",
"dcterms:issued": "2021-04-20T12:25+09:00",
"dcterms:modified": "2021-04-20T12:25+09:00",
"description": "Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001374.html",
"sec:cpe": {
"#text": "cpe:/a:trendmicro:password_manager",
"@product": "Password Manager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-001374",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98074915/index.html",
"@id": "JVNVU#98074915",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28647",
"@id": "CVE-2021-28647",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-28647",
"@id": "CVE-2021-28647",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/427.html",
"@id": "CWE-427",
"@title": "Uncontrolled Search Path Element(CWE-427)"
}
],
"title": "Trend Micro Password Manager may insecurely load Dynamic Link Libraries"
}