CVE-2022-26871
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro Apex Central | 2019 (on-premise), SaaS | affected |
Weaknesses
- Arbitrary File Upload
ADP Enrichment
CVE Program Container
Additional References
- https://success.trendmicro.com/solution/000290678
- https://success.trendmicro.com/jp/solution/000290660
- https://www.jpcert.or.jp/english/at/2022/at220008.html
- https://jvn.jp/vu/JVNVU99107357
- https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://success.trendmicro.com/solution/000290678
- https://success.trendmicro.com/jp/solution/000290660
- https://www.jpcert.or.jp/english/at/2022/at220008.html
- https://jvn.jp/vu/JVNVU99107357
- https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.