How severe is CVE-2022-41748?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-41748?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2022-41748 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.

Related Vulnerabilities

CVE-2019-14510

MEDIUM

CVSS:6.7(Medium)

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server ...

CWE-2762019

CVE-2019-14718

MEDIUM

CVSS:6.7(Medium)

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

CWE-2762019

CVE-2020-0122

MEDIUM

CVSS:6.7(Medium)

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of pri...

CWE-2762020

CVE-2020-25593

MEDIUM

CVSS:6.7(Medium)

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

CWE-2762020

CVE-2020-29489

MEDIUM

CVSS:6.7(Medium)

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password ...

CWE-2762020

CVE-2020-8701

MEDIUM

CVSS:6.7(Medium)

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2762020