CISA KEV 정보
| 취약점명 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability |
|---|---|
| 설명 | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. |
| 조치사항 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-23 |
| 등록일 (KEV) | 2026-05-21 |
| 조치 기한 | 2026-06-04 |
| 추가 참고 | https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926 |
NVD 상세 정보
CVSS v3.1: 6.7 MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L설명: A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex One and a potential attacker must have access to the Apex One Server and already obtained administrative credentials to the server via some other method to exploit this vulnerability.
CWE: CWE-23
참조
This product uses the NVD API but is not endorsed or certified by the NVD.