Trend Micro has patched a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. This is an arbitrary file upload issue, its exploitation could lead to remote code execution.
Trend Micro Apex Central is a web-based console that provides centralized management for Trend Micro products and services at the gateway, mail server, file server, and corporate desktop levels. Administrators can use the policy management feature to configure and deploy product settings to managed products and endpoints.
This web-based management console provides a single monitoring point for antivirus and content security products and services throughout the network.
Threat actors attempting to exploit the vulnerability in the wild. The company did not provide technical details about the attacks or if the flaw was successfully exploited by the attackers.
After Trend Micro disclosed the flaw, the US CISA added this issue to its Known Exploited Vulnerabilities Catalog and kept a deadline as April 21, 2022 to fix the flaw