CVE-2022-23119
HIGHTrend Micro Deep Security Agent < 20.0.0-3445 - Path Traversal
Title source: llmDescription
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
References (2)
Core 2
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000290104
Exploit, Third Party Advisory x_refsource_misc
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt
Scores
CVSS v3
7.5
EPSS
0.0122
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
trendmicro/deep_security_agent
10.0 (32 CPE variants)
trendmicro/deep_security_agent
11.0 (18 CPE variants)
Published
Jan 20, 2022
Tracked Since
Feb 18, 2026