CVE-2022-26871

Name of the Vulnerable Software and Affected Versions Trend Micro Apex Central (affected versions not specified)

Description The issue is related to an arbitrary file upload vulnerability that could allow an unauthenticated remote attacker to upload an arbitrary file, potentially leading to remote code execution. There have been reports of at least one active attempt to exploit this vulnerability in real-world conditions. The exploitation is considered complex and requires specific conditions. Trend Micro has released patches for SaaS versions and an update for local installations, and has also provided rules and filters for protection against exploitation attempts.

Recommendations At the moment, there is no information about specific affected versions that contains a fix for this vulnerability. However, it is recommended to update to the latest version, specifically the update 3 (build 6016) for local installations of Apex Central, as soon as possible to mitigate the risk of exploitation. Additionally, consider applying the provided rules and filters for Trend Micro Cloud One and Trend Micro Deep Discovery Inspector to protect against attempts to exploit this issue.