Trend Micro Apex Central arbitrary file upload remote code execution (RCE) vulnerability

Trend Micro has released new patches for an arbitrary file upload vulnerability in Trend Micro Apex Central (on-premise and as a Service).

An arbitrary file upload vulnerability was found in Trend Micro Apex Central (on-premise and as a Service). This vulnerability could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.

To exploit this vulnerability, an attacker requires access (physical or remote) to a vulnerable machine. Although an exploit may require to have various specific conditions, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.

What’s the impact of this announcement?
High

Product(s) affected:
Apex Central (on prem and SaaS)

What actions do you need to take?
Applying the patch will address the issue. All customers are strongly encouraged to update to the latest version as soon as possible.

*Please note that the SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue.

Sources:
IMPORTANT SECURITY BULLETIN: Trend Micro Apex Central Arbitrary File Upload Remote Code Execution (RCE) Vulnerability