cvelistv5 - cve-2022-23119

cve-2022-23119

Vulnerability from cvelistv5

Published

2022-01-20 18:11

Modified

2024-08-03 03:36

Severity ?

Summary

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.

References

▼	URL	Tags
	security@trendmicro.com	https://success.trendmicro.com/solution/000290104	Mitigation, Patch, Vendor Advisory
	security@trendmicro.com	https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt	Exploit, Third Party Advisory

Impacted products

▼	Vendor	Product
	Trend Micro	Trend Micro Deep Security Agent for Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290104"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent for Linux",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "20, 12, 11, 10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-20T18:11:17",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290104"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-23119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Deep Security Agent for Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "20, 12, 11, 10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290104",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290104"
            },
            {
              "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
              "refsource": "MISC",
              "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-23119",
    "datePublished": "2022-01-20T18:11:17",
    "dateReserved": "2022-01-11T00:00:00",
    "dateUpdated": "2024-08-03T03:36:19.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23119\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2022-01-20T19:15:07.907\",\"lastModified\":\"2022-01-27T16:09:44.363\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de directorio en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante leer archivos arbitrarios del sistema de archivos. Nota: un atacante debe obtener primero un acceso comprometido al Deep Security Manager (DSM) de destino o el agente de destino no debe estar a\u00fan activado o configurado para poder explotar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*\",\"versionStartIncluding\":\"20.0\",\"versionEndExcluding\":\"20.0.0-3445\",\"matchCriteriaId\":\"B0C257E3-8965-419B-A1CF-A36A0694E772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"321EB924-8AD5-4BA2-808A-25F802B675B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"09B1BB7D-D806-43B6-B9C4-D7996545C92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E75B8D37-71C4-46D8-BDEA-4092D3EA422A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"43976B40-11D5-43AB-9204-6D749204121B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F3D52AB1-7932-4257-A779-76A10FBEE4A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BD9BD10B-BE86-47AC-AB0C-A107A066B234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"36FED81B-AE50-42EB-9F86-37EF97C9453F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B7410926-0A0F-4D7D-93AE-11812B0BFAF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E28EE556-D322-4B03-9C8B-F6DE9A73E3F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A009F12A-125E-4B4C-ABAD-AFDF52AC9E33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3A165D79-C3B8-453B-B845-FE7C75FCD887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"42B6F868-C72D-49D1-B70F-25F6BDCD9A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7130DB44-4550-4D28-8114-2C89C7490C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"283217E3-921F-407C-B08A-5D71C4A39AC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"353D2026-D8DA-4C4B-A933-6BF33C85751E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EC19A050-324B-427A-BE1C-B9030A07DB7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E06D04C4-B1F2-4CC0-BD7D-1125001A2211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0FACE806-A137-4F32-A975-A0DCC7613252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BDB1F56A-D134-49D8-88D0-F9E80E2051FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"03AC8F33-76DE-4159-8FB8-2552D420083A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"661512DC-94BF-4033-BCCF-CEB0B4CF30CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7DBDF5F7-124B-4776-9803-6A03FEDB2075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F0D3A45A-1D11-45E0-92D3-E7398CB049E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C22891AE-781F-4212-B1D3-9E4F5FB0C14E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A71E3B80-F9A9-45F6-95F5-B6B352FAC27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"12A1E116-286E-4A47-A44E-360EEA8880AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F88232D0-FEEF-485D-B1C9-221C4E967194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7C108DC0-117F-46ED-9A72-D876D8203A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B909B6D7-52B8-4165-9864-3A05F25EC25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3B642F2C-D882-418E-8A24-6BD8C40DF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A78B7332-7A88-4BC3-9816-60438392C96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B53E159E-9723-4AA2-AA30-B20FB8BE1823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D55E7CCF-A94E-469A-95EC-37D378AAFB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"CB6149B2-EDDA-4AB0-B089-5F165776194E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E14C97A1-E3A1-44E4-9400-D2338809857A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E9CA17B2-29B0-440E-9941-A286F11D3FBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C2DF06E1-A427-4F8C-B317-9BD4DF53BB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B5660651-78FC-4EB3-9C63-02AE21098F20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"84CB2D0C-D84D-420C-9BB7-1744F9D106D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"5E889298-AF8C-41FB-9130-5E977D4A9F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"519FABA6-389D-4F7A-994A-0B6840FC01D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2BABC000-62AE-48EA-952E-E2735702C5FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"60502D21-2275-4A71-A1C3-E9F7730DC26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"625C44C4-6753-43F4-BD40-BC7B0BD4D063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"8677CC3F-D1C5-493F-9078-3C47DE38C3C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3807FB6F-B75B-425D-BF5F-0B6C2501908E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7D8B777A-D631-476A-B161-D704F25A9BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F2239884-756F-4032-BC83-38969192C062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C85FB7B4-15AB-4D71-B8E4-FD72BCA47943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EEBC3261-6785-494A-AF69-9B9E92C1C449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4BDE013F-B4E8-433C-BD95-E6578E8B6E2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1BD1467E-E658-4F27-8123-6C27C99E95A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A9611071-E484-4F32-8F18-FD299A60E335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D65290CE-9638-45C4-96F9-C0B676FAA834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D257AA23-A28F-4110-819F-7D0F246DD2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A9F8542C-ED04-483C-AB27-D4FE55558951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2616E2DF-8FB3-4B8C-B329-334D794242E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"9C9471AE-E7C2-4789-907D-EC5F1195431E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4CB292C1-9467-4987-B670-927287503F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0418BDF2-673B-40CF-BC64-7C4C24AA72FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"14370D4B-5141-4581-8F92-7F9BDB885282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2D2D0C04-948C-4B24-A6EC-FB54A57077F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6F454D5A-1C03-42F6-8639-FC550F5D8B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1A824F50-CB92-4FE2-B097-C4DD9E8D65FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"DB62D225-22C1-4452-856A-EFE31CC6FA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"FD084BE9-D333-4495-874D-4E7DF892494D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B1CB2EC1-3CEF-4033-A6BB-328D53752BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"ED56C9F2-19A4-4E1E-BF02-8E192415E09F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/solution/000290104\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

gsd-2022-23119

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-23119

Aliases

CVE-2022-23119

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23119",
    "description": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.",
    "id": "GSD-2022-23119"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23119"
      ],
      "details": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.",
      "id": "GSD-2022-23119",
      "modified": "2023-12-13T01:19:35.073649Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-23119",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Deep Security Agent for Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "20, 12, 11, 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Directory Traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000290104",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000290104"
          },
          {
            "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
            "refsource": "MISC",
            "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.0.0-3445",
                    "versionStartIncluding": "20.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-23119"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290104",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000290104"
            },
            {
              "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-01-27T16:09Z",
      "publishedDate": "2022-01-20T19:15Z"
    }
  }
}

cve-2022-23119

Vulnerability from jvndb

Published

2022-01-25 13:35

Modified

2022-01-25 13:35

Severity ?

7.0 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Details

Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. * Directory Traversal (CWE-22) - CVE-2022-23119 * Code Injection (CWE-94) - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU95024141/
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23119
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23120
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23119
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23120
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Trend Micro, Inc.	Cloud One Workload Security
	Trend Micro, Inc.	Deep Security Agent

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
  "dc:date": "2022-01-25T13:35+09:00",
  "dcterms:issued": "2022-01-25T13:35+09:00",
  "dcterms:modified": "2022-01-25T13:35+09:00",
  "description": "Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n  * Directory Traversal (CWE-22) - CVE-2022-23119\r\n  * Code Injection (CWE-94) - CVE-2022-23120\r\n\r\nAs of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:cloud_one_workload_security",
      "@product": "Cloud One Workload Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security_agent",
      "@product": "Deep Security Agent",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-001097",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95024141/",
      "@id": "JVNVU#95024141",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-23119",
      "@id": "CVE-2022-23119",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-23120",
      "@id": "CVE-2022-23120",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23119",
      "@id": "CVE-2022-23119",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23120",
      "@id": "CVE-2022-23120",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux"
}

ghsa-rhw6-mfvp-rwr4

Vulnerability from github

Published

2022-01-21 00:00

Modified

2022-01-28 00:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-23119"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-20T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.",
  "id": "GHSA-rhw6-mfvp-rwr4",
  "modified": "2022-01-28T00:03:57Z",
  "published": "2022-01-21T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23119"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000290104"
    },
    {
      "type": "WEB",
      "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2022-23119

Vulnerability from cvelistv5

gsd-2022-23119

Vulnerability from gsd

cve-2022-23119

Vulnerability from jvndb

ghsa-rhw6-mfvp-rwr4

Vulnerability from github

Tags

Sightings

Nomenclature