CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
trendmicroapex_one
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
https://jvn.jp/vu/JVNVU99107357
https://success.trendmicro.com/jp/solution/000290660
https://success.trendmicro.com/solution/000290678
https://www.jpcert.or.jp/english/at/2022/at220008.html
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
https://jvn.jp/vu/JVNVU99107357
https://success.trendmicro.com/jp/solution/000290660
https://success.trendmicro.com/solution/000290678
https://www.jpcert.or.jp/english/at/2022/at220008.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26871