CVE-2022-40980 A vulnerability in Trend Micro Mobile Security for Enterprise 9.8 could allow an attacker with access to the Management Server to delete files.

An unsecure update mechanism in Trend Micro Mobile Security could result in an unsecure update to a vulnerable device. This issue was resolved in 9.8 SP5. An unsecure update mechanism in Trend Micro Mobile Security could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. A potential unsecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. An unsecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. A potential insecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an update from an unverified source. This issue was resolved in 9.8 SP5. An insecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an insecure update. This issue was resolved in 9.8 SP5.

Table of Contents https://www.trendmicro.com/en-us/solutions/global-security/threat-center/report.aspx?id=CVE-2022-40980

Trend Micro Mobile Security, 9.8 SP5, CVE-2022-40980
An unsecure update mechanism in Trend Micro Mobile Security could result in an unsecure update to a vulnerable device. This issue was resolved in 9.8 SP5. An unsecure update mechanism in Trend Micro Mobile Security could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. A potential unsecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. An unsecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an unauthorized update. This issue was resolved in 9.8 SP5. A potential insecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an update from an unverified source. This issue was resolved in 9.8 SP5  A insecure update mechanism of the same product could result  in a device receiving an insecure update

Trend Micro Deep Discovery Inspector

An insecure update mechanism in Trend Micro Mobile Security Enterprise could result in a device receiving an insecure update. This issue was resolved in 9.8 SP5.

Trend Micro™ Network Services Alerts

Trend Micro™ Network Services alerts are system messages published by the Trend Micro™ Smart Protection Network ™  device to notify the user of a potential compromise.

Trend Micro Deep Security

There are currently three potentially vulnerable updates in Trend Micro's Mobile Security Enterprise. The only update I see worth discussing is the one regarding unsecure updates.

The issue with unsecure updates in Trend Micro Mobile Security Enterprise was resolved in 9.8 SP5.

Timeline

Published on: 09/19/2022 18:15:00 UTC
Last modified on: 09/21/2022 18:15:00 UTC

References

• https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40980