Trend Micro Patches Critical RCE Vulnerability in Apex One

May 22, 2023

Trend Micro Patches Critical RCE Vulnerability in Apex One

Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities.

The Critical RCE Vulnerability

  • CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path Traversal Unauthenticated RCE¬†Vulnerability, allows unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.

Affected Products

  • Apex One¬† – 2019 (On-prem).
  • Apex One as a Service – Versions before April 2023 Maintenance.

Mitigation

CYREBRO recommends users of these products to obtain the latest version of the product if there is a newer one available than the one listed in Trend Micro bulletin.

References: Trend Micro Security Advisory

Sign Up for Updates