JPCERT-AT-2022-0023
JPCERT/CC
2022-09-13(Initial)
2022-09-14(Update)
I. Overview
On September 13, 2022, Trend Micro Incorporated published an alert regarding a vulnerability (CVE-2022-40139) in Trend Micro Apex One and Trend Micro Apex One as a Service. A remote attacker who can log in to the product's administration console may be able to execute arbitrary code by leveraging the vulnerability. Trend Micro Incorporated is aware of attacks exploiting this vulnerability.
Trend Micro Incorporated
CRITICAL SECURITY BULLETIN: September 2022 Security Bulletin for Trend Micro Apex One
https://success.trendmicro.com/solution/000291528
Trend Micro Incorporated
[Alert] Apply Service Pack; An attack exploiting the vulnerability (CVE-2022-40139) in Trend Micro Apex One has been observed (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
Since the vulnerability is already being exploited in the wild, users of the affected products are advised to take action, such as applying the patch, as soon as possible. For details, please refer to the information provided by Trend Micro Incorporated.
II. Affected Products
Affected products are as follows:
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
III. Solution
Trend Micro Incorporated has released a patch that addresses the vulnerability. It is recommended to apply the patch as soon as possible.
- Trend Micro Apex One On Premise (2019) Service Pack 1 b11092/11088
According to Trend Micro Incorporated, the issues in Trend Micro Apex One as a Service were already fixed in the August 2022 updates.
IV. Workarounds
Trend Micro Incorporated has provided information on workarounds to reduce the impact of attacks that exploit the vulnerability. For details, please check the information provided by Trend Micro Incorporated.
- Permit access to the product only from the trusted network
V. References
Trend Micro Incorporated
[Alert] Apply Service Pack; An attack exploiting the vulnerability (CVE-2022-40139) in Trend Micro Apex One has been observed (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4553
Trend Micro Incorporated
CRITICAL SECURITY BULLETIN: September 2022 Security Bulletin for Trend Micro Apex One
https://success.trendmicro.com/solution/000291528
Japan Vulnerability Notes JVN#36454862
Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service
https://jvn.jp/en/jp/JVN36454862/
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2022-09-13 First edition
2022-09-14 Updated "I. Overview", "III. Solution" and "V. References"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/