CVE-2022-28394

HIGH

Trend Micro Password Manager <3.7.0.1223 - DLL Injection

Title source: llm

Description

EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).

References (3)

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 25.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (1)

trendmicro/password_manager < 3.7.0.1223

Timeline

Published May 27, 2022
Tracked Since Feb 18, 2026