9.8
CVE-2022-26871
- EPSS 8.57%
- Published 29.03.2022 21:15:07
- Last modified 10.02.2025 18:58:50
- Source security@trendmicro.com
- Teams watchlist Login
- Open Login
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Data is provided by the National Vulnerability Database (NVD)
Trendmicro ≫ Apex Central Version2019 Update- SwPlatformwindows
Trendmicro ≫ Apex One Version- SwPlatformsaas
31.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Trend Micro Apex Central Arbitrary File Upload Vulnerability
VulnerabilityAn arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.57% | 0.919 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.