JVNVU#99107357
Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents
Critical
Overview
Trend Micro Apex Central and Trend Micro Apex Central as a Service provided by Trend Micro Incorporated are vulnerable to improper check for file contents.
Products Affected
- Trend Micro Apex Central 2019 prior to Build 6016
- Trend Micro Apex Central as a Service prior to Build 202203
Description
Trend Micro Apex Central and Trend Micro Apex Central as a Service provided by Trend Micro Incorporated are vulnerable to improper check for file contents (CWE-345, CVE-2022-26871).
Trend Micro Incorporated states that attacks have been observed.
Impact
A remote attacker may upload an arbitrary file to the product. As a result, arbitrary code may be executed.
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch, which contains a fix for this vulnerability.
- Trend Micro Apex Central 2019 Patch3 (Build 6016)
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector (AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity (AC) | High (H) | Low (L) | | |
| Privileges Required (PR) | High (H) | Low (L) | None (N) | |
| User Interaction (UI) | Required (R) | None (N) | | |
| Scope (S) | Unchanged (U) | Changed (C) | | |
| Confidentiality Impact (C) | None (N) | Low (L) | High (H) | |
| Integrity Impact (I) | None (N) | Low (L) | High (H) | |
| Availability Impact (A) | None (N) | Low (L) | High (H) | |
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert | JPCERT-AT-2022-0008 Alert Regarding Vulnerability (CVE-2022-26871) in Trend Micro Apex Central |
|---|---|
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia | |