CVE-2022-44653
Description
A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in Trend Micro Apex One Security Agent allows local attackers to escalate privileges to SYSTEM.
Vulnerability
A directory traversal vulnerability exists in the Trend Micro Apex One Security Agent's Client Plug-in Service Manager. The issue occurs due to lack of proper validation of a user-supplied path prior to using it in file operations. This affects Trend Micro Apex One and Apex One as a Service. [1]
Exploitation
An attacker must first obtain the ability to execute low-privileged code on the target system. Then, by providing a crafted path, the attacker can exploit the directory traversal to perform arbitrary file operations, leading to privilege escalation. [1]
Impact
Successful exploitation allows an attacker to escalate privileges to SYSTEM and execute arbitrary code in that context, resulting in full compromise of confidentiality, integrity, and availability. [1]
Mitigation
Not yet disclosed in the available references.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Trend Micro, Inc./Trend Micro Apex Onev5Range: On Premise (14.0)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.