CVE-2022-26871
Trend Micro Apex Central Arbitrary File Upload Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Una vulnerabilidad de carga de archivos arbitrarios en Trend Micro Apex Central podría permitir a un atacante remoto no autenticado cargar un archivo arbitrario que podría conllevar a una ejecución de código remota
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-10 CVE Reserved
- 2022-03-29 CVE Published
- 2022-03-31 Exploited in Wild
- 2022-04-21 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/vu/JVNVU99107357 | Third Party Advisory | |
| https://www.jpcert.or.jp/english/at/2022/at220008.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://success.trendmicro.com/jp/solution/000290660 | 2023-08-08 | |
| https://success.trendmicro.com/solution/000290678 | 2023-08-08 |
| URL | Date | SRC |
|---|---|---|
| https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trendmicro Search vendor "Trendmicro" | Apex Central Search vendor "Trendmicro" for product "Apex Central" | 2019 Search vendor "Trendmicro" for product "Apex Central" and version "2019" | windows |
Affected
| ||||||
| Trendmicro Search vendor "Trendmicro" | Apex One Search vendor "Trendmicro" for product "Apex One" | - | saas |
Affected
| ||||||