Trend Micro Apex Central (on-premise and as a Service) has a zero-day vulnerability. This arbitrary file upload vulnerability if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulting in remote code execution. Organizations are advised to upgrade their Apex Central to the latest version available.
Potential MITRE ATT&CK TTPs are:
TA0042: Resource Development
TA0001: Initial Access
TA0002: Execution
T1588: Obtain Capabilities
T1588.006: Obtain Capabilities: Vulnerabilities
T1190: Exploit Public-Facing Application
T1059: Command and Scripting Interpreter
https://files.trendmicro.com/jp/ucmodule/apexcentral/win/2019/apexcentral_2019_gm_win_ja_3945_r3.exe
https://appweb.trendmicro.com/supportNews/NewsDetail.aspx?id=4395
Get through updates and upcoming events, and more directly in your inbox