May 22, 2023
Trend Micro Patches Critical RCE Vulnerability in Apex One
Trend Micro has issued a new Critical Patch (CP) for Trend Micro Apex One and Trend Micro Apex One as a Service, which addresses a number of previously identified vulnerabilities.
The Critical RCE Vulnerability
- CVE-2023-32557, (CVSS 3.1: 9.8, Critical) – Management Server Path Traversal Unauthenticated RCE Vulnerability, allows unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
- Apex One – 2019 (On-prem).
- Apex One as a Service – Versions before April 2023 Maintenance.
CYREBRO recommends users of these products to obtain the latest version of the product if there is a newer one available than the one listed in Trend Micro bulletin.
References: Trend Micro Security Advisory