CVE-2019-18189

Published: Oct 28, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

Affected (7)

Products: Trendmicro: Apex One, Officescan, Worry Free Business Security

Trendmicro

3 products

Apex One

Officescan

Worry Free Business Security

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Apex One	All versions
Trendmicro Officescan	Version 11.0 sp1
Trendmicro Officescan	Version xg
Trendmicro Officescan	Version xg sp1
Trendmicro Worry Free Business Security	Version 10.0
Trendmicro Worry Free Business Security	Version 10.0 sp1
Trendmicro Worry Free Business Security	Version 9.5

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://success.trendmicro.com/solution/000151732

Source: security@trendmicro.com

Vendor Advisory

https://success.trendmicro.com/solution/000151732

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.