9.8
CVE-2022-26871
- EPSS 8.57%
- Veröffentlicht 29.03.2022 21:15:07
- Zuletzt bearbeitet 10.02.2025 18:58:50
- Quelle security@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Apex Central Version2019 Update- SwPlatformwindows
Trendmicro ≫ Apex One Version- SwPlatformsaas
31.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Trend Micro Apex Central Arbitrary File Upload Vulnerability
SchwachstelleAn arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.57% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.