CVE-2022-26871
CVE-2022-26871
In short
An attacker can upload any file to Trend Micro Apex Central without logging in, potentially allowing them to run malicious code on the server.
Technical detail
An unauthenticated remote attacker can exploit an arbitrary file upload vulnerability (CWE-345) in Trend Micro Apex Central to upload malicious files, leading to remote code execution on the affected system. No authentication is required to trigger this vulnerability, making it readily exploitable.
Summary generated and translated by AI from the official description.
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Trend Micro · Trend Micro Apex CentralWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435https://jvn.jp/vu/JVNVU99107357https://success.trendmicro.com/jp/solution/000290660https://success.trendmicro.com/solution/000290678https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26871https://www.jpcert.or.jp/english/at/2022/at220008.html