Trend Micro Apex Central security update-CVE-2022-26871

April 5, 2022

NAME

Trend MicroApex Central

  • Platforms Affected:
    Apex Central

  • Risk Level:
    medium

  • CVE Type:
    Unrestricted file upload

DESCRIPTION

CVE-2022-26871 is an unrestricted file upload vulnerability impacting multiple versions of Trend Micro Apex Central and Trend Micro Apex Central as a Service. A proof of concept (PoC) was not observed publicly or in the underground. Trend Micro claimed to be aware of the vulnerability being actively exploited in the wild.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE: 8.6

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://appweb[.]trendmicro[.]com/supportNews/NewsDetail[.]aspx?id=4435

MITIGATION

Trend Micro addressed the vulnerability in a security advisory with an updated version.

  • Reference Link:
    https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix

November 5, 2024
hackerone

HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa

November 5, 2024
image

[EMBARGO] – Ransomware Victim: mh-m[.]org

November 5, 2024
image

[BIANLIAN] – Ransomware Victim: Falco Sult

November 5, 2024
image

[INCRANSOM] – Ransomware Victim: Webb Institute

November 5, 2024