CVE-2022-28394
First published: Thu May 26 2022(Updated: )
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Password Manager | <3.7.0.1223 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-28394?
CVE-2022-28394 is classified as a medium severity vulnerability due to its potential to load malicious DLLs.
How do I fix CVE-2022-28394?
To fix CVE-2022-28394, ensure you upgrade to Trend Micro Password Manager version 3.7.0.1224 or later.
What type of issue is associated with CVE-2022-28394?
CVE-2022-28394 is associated with the insecure loading of Dynamic Link Libraries caused by a DLL search path issue in the installer.
Which versions of Trend Micro Password Manager are affected by CVE-2022-28394?
CVE-2022-28394 affects Trend Micro Password Manager versions up to and including 3.7.0.1223.
Is CVE-2022-28394 related to an end-of-life product?
Yes, CVE-2022-28394 pertains to an end-of-life product and may not receive further updates or support.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/trendmicro
- canonical/trendmicro password manager