Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28394

EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).

Published

2022-05-27T00:15:08.287

Last Modified

2024-11-21T06:57:17.407

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	password_manager	< 3.7.0.1223	Yes

References

https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN60037444/ Third Party Advisory ([email protected])
https://jvn.jp/jp/JVN60037444/ Third Party Advisory ([email protected])
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN60037444/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/jp/JVN60037444/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)