CVE-2022-23119: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

A directory traversal vulnerability (CVE-2022-23119) was discovered in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below. The vulnerability was reported to Trend Micro in September 2021 and patches were released between October and December 2021. The flaw could allow an attacker to read arbitrary files from the file system, but exploitation requires either compromised access to the target Deep Security Manager (DSM) or the target agent must not be activated or configured (Modzero Advisory).

The vulnerability stems from improper input validation in the GetCopiedFile command where both queryArgs.taskname and queryArgs.fileid parameters are attacker-controlled HTTP GET parameters. The flaw received a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD, Modzero Advisory).

If successfully exploited, the vulnerability allows an attacker to read arbitrary files from the file system. This could potentially lead to unauthorized access to sensitive information stored on the affected system (NVD).

Trend Micro released security updates to address this vulnerability. Users are advised to upgrade to the latest version of the affected products. The vendor supplied a test build in October 2021 that fixes the directory traversal issue (SecurityWeek, Modzero Advisory).