cvelistv5 - CVE-2022-37348

CVE-2022-37348 (GCVE-0-2022-37348)

Vulnerability from cvelistv5

Published

2022-09-19 18:00

Modified

2024-08-03 10:29

Severity ?

CWE

OOB Read Information Disclosure

Summary

References

URL

	Vendor	Product	Version
	Trend Micro	Trend Micro Security (Consumer)	Version: 2022 (17.7.1383 and below)

CVE-2022-37348

Vulnerability from jvndb

Published

2023-03-03 11:10

Modified

2024-06-13 17:06

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Maximum Security

Details

Trend Micro Incorporated has released security updates for Trend Micro Maximum Security. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU96882769/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-30687
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-34893
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-35234
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-37347
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-37348
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-48191
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-30687
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-34893
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-35234
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-37347
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-37348
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-48191
	Link Following(CWE-59)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)	https://cwe.mitre.org/data/definitions/367.html

Impacted products

Vendor

Product

	Trend Micro, Inc.	Trend Micro Maximum Security 2022
	Trend Micro, Inc.	Trend Micro Security

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001291.html",
  "dc:date": "2024-06-13T17:06+09:00",
  "dcterms:issued": "2023-03-03T11:10+09:00",
  "dcterms:modified": "2024-06-13T17:06+09:00",
  "description": "Trend Micro Incorporated has released security updates for Trend Micro Maximum Security.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001291.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:maximum_security_2022",
      "@product": "Trend Micro Maximum Security 2022",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:security",
      "@product": "Trend Micro Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-001291",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU96882769/index.html",
      "@id": "JVNVU#96882769",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-30687",
      "@id": "CVE-2022-30687",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-34893",
      "@id": "CVE-2022-34893",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-35234",
      "@id": "CVE-2022-35234",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-37347",
      "@id": "CVE-2022-37347",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-37348",
      "@id": "CVE-2022-37348",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-48191",
      "@id": "CVE-2022-48191",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30687",
      "@id": "CVE-2022-30687",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-34893",
      "@id": "CVE-2022-34893",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35234",
      "@id": "CVE-2022-35234",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37347",
      "@id": "CVE-2022-37347",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-37348",
      "@id": "CVE-2022-37348",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-48191",
      "@id": "CVE-2022-48191",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-59",
      "@title": "Link Following(CWE-59)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/367.html",
      "@id": "CWE-367",
      "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Maximum Security"
}

gsd-2022-37348

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-37348

Aliases

CVE-2022-37348

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-37348",
    "description": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.",
    "id": "GSD-2022-37348"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-37348"
      ],
      "details": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.",
      "id": "GSD-2022-37348",
      "modified": "2023-12-13T01:19:13.195143Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-37348",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Security (Consumer)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2022 (17.7.1383 and below)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OOB Read Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058",
            "refsource": "MISC",
            "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1383",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-37348"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-09-22T15:01Z",
      "publishedDate": "2022-09-19T18:15Z"
    }
  }
}

var-202208-2362

Vulnerability from variot

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the User Mode Hooking Monitor Engine. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202208-2362",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "17.7.1383"
      },
      {
        "model": "\u30a6\u30a4\u30eb\u30b9\u30d0\u30b9\u30bf\u30fc \u30af\u30e9\u30a6\u30c9",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": "virus buster   cloud   17.7"
      },
      {
        "model": "\u30a6\u30a4\u30eb\u30b9\u30d0\u30b9\u30bf\u30fc \u30af\u30e9\u30a6\u30c9",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": null
      },
      {
        "model": "\u30a6\u30a4\u30eb\u30b9\u30d0\u30b9\u30bf\u30fc \u30af\u30e9\u30a6\u30c9",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30c8\u30ec\u30f3\u30c9\u30de\u30a4\u30af\u30ed",
        "version": "virus buster   cloud   17.0"
      },
      {
        "model": "maximum security",
        "scope": null,
        "trust": 0.7,
        "vendor": "trend micro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2022-37348",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-37348",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-37348",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-37348",
            "impactScore": 2.5,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-37348",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-37348",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2022-37348",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-1509",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the User Mode Hooking Monitor Engine. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-37348",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-1177",
        "trust": 2.3
      },
      {
        "db": "JVN",
        "id": "JVNVU96882769",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-16606",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "id": "VAR-202208-2362",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.09586056
  },
  "last_update_date": "2024-08-14T14:10:35.355000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Alert / Advisory: Antivirus \u00a0 About cloud vulnerabilities (CVE-2022-35234/CVE-2022-37347/CVE-2022-37348) Trend Micro",
        "trust": 0.8,
        "url": "https://helpcenter.trendmicro.com/ja-jp/article/tmka-11014"
      },
      {
        "title": "Trend Micro has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
      },
      {
        "title": "Trend Micro Security (Consumer) Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208775"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "Link interpretation problem (CWE-59) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds read (CWE-125) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-1177/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu96882769/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30687"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34893"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-35234"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37347"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37348"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-48191"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-37348/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-31T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "date": "2023-03-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "date": "2022-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "date": "2022-09-19T18:15:09.807000",
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-31T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-1177"
      },
      {
        "date": "2024-06-13T07:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      },
      {
        "date": "2022-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      },
      {
        "date": "2022-09-22T15:01:32.527000",
        "db": "NVD",
        "id": "CVE-2022-37348"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro antivirus \u00a0 Multiple vulnerabilities in the cloud",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001291"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-1509"
      }
    ],
    "trust": 0.6
  }
}

ghsa-65m7-7mf5-g6wj

Vulnerability from github

Published

2022-09-20 00:00

Modified

2022-09-23 00:00

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-37348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-19T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.",
  "id": "GHSA-65m7-7mf5-g6wj",
  "modified": "2022-09-23T00:00:41Z",
  "published": "2022-09-20T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37348"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2022-37348

Vulnerability from fkie_nvd

Published

2022-09-19 18:15

Modified

2024-11-21 07:14

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/tmka-11058	Patch, Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-1177/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://helpcenter.trendmicro.com/en-us/article/tmka-11058	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-1177/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	trendmicro	security	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96A0B617-896A-47ED-B2B6-D9AB9C4AC6C4",
              "versionEndIncluding": "17.7.1383",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347."
    },
    {
      "lang": "es",
      "value": "Trend Micro Security versiones 2021 y 2022 (Consumer) es vulnerable a una Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n de Lectura Fuera de L\u00edmites que podr\u00eda permitir a un atacante leer informaci\u00f3n confidencial de otras ubicaciones de memoria y causar un bloqueo en un equipo afectado. Esta vulnerabilidad es similar, pero no igual, a CVE-2022-37347"
    }
  ],
  "id": "CVE-2022-37348",
  "lastModified": "2024-11-21T07:14:48.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-19T18:15:09.807",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1177/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-37348 (GCVE-0-2022-37348)

Vulnerability from cvelistv5

CVE-2022-37348

Vulnerability from jvndb

gsd-2022-37348

Vulnerability from gsd

var-202208-2362

Vulnerability from variot

ghsa-65m7-7mf5-g6wj

Vulnerability from github

fkie_cve-2022-37348

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature