Trend Micro released updates this week to fix a high-severity arbitrary file upload vulnerability in Apex Central, which has already been exploited in what appear to be targeted attacks.
The security flaw is tracked as CVE-2022-26871 (CVSS score of 8.6) and was identified by Trend Micro’s own research team. It affects both on-premises and Software-as-a-Service (SaaS) versions of the centralized administration console.
Trend Micro has published Patch 3 (Build 6016) for on-premises Apex Central installations, following the release of fixes for the SaaS version in early March. According to the company, the security flaw allows an unauthenticated attacker to remotely upload an arbitrary file, potentially resulting in remote code execution.