Security News > 2022 > September > Trend Micro warns of actively exploited Apex One RCE vulnerability
Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible.
"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution," the company explained in a security advisory published today.
Today, Trend Micro addressed another high severity vulnerability in the Apex One product, allowing potential attackers to bypass authentication by falsifying request parameters on affected installations.
"Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine. However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible," Trend Micro added.
In April, the security software vendor fixed another actively exploited security flaw in the Apex Central product management console that let remote attackers execute arbitrary code on compromised systems.
CISA later added the bug to its Known Exploited Vulnerabilities catalog, requiring federal civilian agencies to patch the actively used Apex Central bug within the next three weeks, until April 21, 2022.