DESCRIPTION:
Trend Micro research center has found that Trend Micro Apex Central exists high-level risk vulnerability (CVE-2022-26871), unauthorize attackers can upload arbitrary files due to improper handling of files, and allow attackers for arbitrary code execution.
AFFECTED RELEASES:
Trend Micro Apex Central 2019 prior to Build 6016
Trend Micro Apex Central as a Service(SaaS) prior to Build 202203
SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates by the following URL:
https://success.trendmicro.com/dcx/s/solution/000290678?language=en_US
(1) Updating Apex Central 2019 to Patch 3(Build 6016) or above.
(2) For Apex Central as a Service(SaaS), Trend Micro has been upadated finish, users don't need to take any actions.
2. If you can't update Apex Central 2019 to the latest version, please refer the official webpage "Trend Micro Protection", and set IPS rules.
REFERENCE:
1. https://www.ithome.com.tw/news/150252
2. https://success.trendmicro.com/dcx/s/solution/000290678?language=en_US
3. https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4435
4. https://success.trendmicro.com/jp/solution/000290660
5. https://success.trendmicro.com/jp/solution/000265749
6. https://www.jpcert.or.jp/english/at/2022/at220008.html