Trend Micro fixed high severity flaw in Apex Central product management console

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console.

Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead to remote code execution.

Patch release information published by the company states that the flaw resides in the file handling module.

Trend Micro Apex Central™ is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. Administrators can use the policy management feature to configure and deploy product settings to managed products and endpoints. The Apex Central web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.

This week, Trend Micro spotted threat actors attempting to exploit the vulnerability in the wild. The company did not provide technical details about the attacks or if the flaw was successfully exploited by the attackers.

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest version as soon as possible.” reads the advisory published by Trend Micro.

The security firm has addressed the issue with the release of the following product versions:

Product	Updated version	Notes	Platform	Availability
Apex Central (on-prem)	Patch 3 (Build 6016)	Readme	Windows	Now Available
Apex Central (SaaS)*	March 9, 2022, Deployment (Build 6016)	Deployment Notes	SaaS	Already Deployed (March 9)

This week, after Trend Micro disclosed the flaw, the US Cybersecurity and Infrastructure Security Agency (CISA) added this issue to its Known Exploited Vulnerabilities Catalog. The US agency ordered federal civilian agencies to address this flaw by April 21, 2022.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Trend Micro)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.