Trend Micro Apex Central security update-CVE-2022-26871

April 5, 2022

NAME

Trend MicroApex Central

  • Platforms Affected:
    Apex Central

  • Risk Level:
    medium

  • CVE Type:
    Unrestricted file upload

DESCRIPTION

CVE-2022-26871 is an unrestricted file upload vulnerability impacting multiple versions of Trend Micro Apex Central and Trend Micro Apex Central as a Service. A proof of concept (PoC) was not observed publicly or in the underground. Trend Micro claimed to be aware of the vulnerability being actively exploited in the wild.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE: 8.6

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://appweb[.]trendmicro[.]com/supportNews/NewsDetail[.]aspx?id=4435

MITIGATION

Trend Micro addressed the vulnerability in a security advisory with an updated version.

  • Reference Link:
    https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 22, 2024
image

[RANSOMHUB] – Ransomware Victim: blr[.]com

November 22, 2024
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024
image

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024
image

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024