Vulnerability in Trend Micro’s Enterprise Products – Occurrence of Attacks – ZDNet Japan

Trend Micro announced on September 13 that multiple vulnerabilities exist in its “Trend Micro Apex One” and “Trend Micro Apex One SaaS” enterprise products.announcement. It is said to have already confirmed the occurrence of attacks aimed at exploiting the vulnerability, and the company has released an update to fix the vulnerability. Require users to apply.

According to the company, there are six vulnerabilities in Apex One version 2019 and Apex One SaaS. There have already been attacks exploiting the Improper Validation Vulnerability in Rollback Feature Components (CVE-2022-40139). Assessments based on the Common Vulnerability Scoring System (CVSS) 3.0 have a severity score of 5.5 to 8.2 (with a maximum of 10.0) and a medium to high severity.

The company fixed these vulnerabilities in Service Pack 1 (build 11092) for Apex One and August Maintenance for Apex One SaaS. We encourage users to apply the update as soon as possible. Additionally, the vulnerability disclosed this time is typically exploited by an attacker gaining access to a vulnerable endpoint, and access is only permitted from a trusted network, or access to the management console is restricted. .This also explains that the impact of vulnerabilities can be reduced by doing this.

Vulnerability assessment (Source: Trend Micro)

Vulnerability assessment (Source: Trend Micro)

Be the first to comment

Leave a Reply

Your email address will not be published.