← Back

CVE-2022-26871

nvd nist
Published: Mar 29, 2022Modified: Dec 22, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

Affected (2)

Trendmicro
2 products
Apex Central
Apex One
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Apex Central
Version 2019
Apex One
All versions

Related CWEs

CWE-345
Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References (11)

Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: security@trendmicro.com
MitigationPatchVendor Advisory
Source: security@trendmicro.com
MitigationPatchVendor Advisory
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.