CVE-2022-26871

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 10, 2022
Published Date: March 29, 2022
Last Updated: January 29, 2025
Vendor: Trend Micro
Product: Trend Micro Apex Central
Description: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-31 00:00:00 UTC) Source

References

https://success.trendmicro.com/solution/000290678 https://success.trendmicro.com/jp/solution/000290660 https://www.jpcert.or.jp/english/at/2022/at220008.html https://jvn.jp/vu/JVNVU99107357 https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-31 00:00:00 UTC