Trend Micro cautions against actively exploited Apex One RCE vulnerability
The firm also patched a high severity security flaw that lets perpetrators bypass authentication
Trend Micro has alerted its customers to an actively exploited Apex One security vulnerability, codenamed CVE-2022-40139.
An endpoint security platform, Apex One by Trend Micro provides businesses with automated threat detection and response against malware and malicious tools.
The recently identified security flaw in the platform allows for remote execution of arbitrary code on systems running unpatched software, the company warned.
"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.”
However, despite the severity of the threat, Trend Micro noted that threat actors must still obtain access to the Apex One server administration console for an exploit to be successful.
"Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible," the company added.
Apex One users are advised to update their installation to the latest version, Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088) to safeguard their systems.
Trend Micro also patched another high severity vulnerability in the Apex One product, tracked as CVE-2022-40144. The security flaw allowed potential intruders to falsify request parameters to bypass authentication.
2023 Strategic roadmap for data security platform convergence
Capitalise on your data and share it securely using consolidated platformsFree Download
The 3D trends report
Presenting one of the most exciting frontiers in visual cultureFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
Leverage automated APM to accelerate CI/CD and boost application performance
Constant change to meet fast-evolving application functionalityFree Download