430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Trend Micro fixed high severity flaw in Apex Central product management console

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead […]

Trend Micro Apex One

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console.

Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead to remote code execution.

Patch release information published by the company states that the flaw resides in the file handling module.

Trend Micro Apex Central™ is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. Administrators can use the policy management feature to configure and deploy product settings to managed products and endpoints. The Apex Central web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.

This week, Trend Micro spotted threat actors attempting to exploit the vulnerability in the wild. The company did not provide technical details about the attacks or if the flaw was successfully exploited by the attackers.

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest version as soon as possible.” reads the advisory published by Trend Micro.

The security firm has addressed the issue with the release of the following product versions:

ProductUpdated versionNotesPlatformAvailability
Apex Central  
(on-prem)  
Patch 3 (Build 6016)   Readme   Windows  Now Available
Apex Central
(SaaS)*
March 9, 2022, Deployment  
(Build 6016)
Deployment Notes   SaaSAlready Deployed  
(March 9)

This week, after Trend Micro disclosed the flaw, the US Cybersecurity and Infrastructure Security Agency (CISA) added this issue to its Known Exploited Vulnerabilities Catalog. The US agency ordered federal civilian agencies to address this flaw by April 21, 2022.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Trend Micro)

[adrotate banner=”5″]

[adrotate banner=”13″]