CVE-2019-18189

9.8CRITICAL

Key Information:

Vendor: Trend Micro
Status: Trend Micro Apex One, Trend Micro Officescan (osce), Trend Micro Worry-free Business Security (wfbs)
Vendor: CVE Published:; 28 October 2019

Summary

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

Affected Version(s)

Trend Micro Apex One, Trend Micro OfficeScan (OSCE), Trend Micro Worry-Free Business Security (WFBS) Apex One (All), OSCE (11.0, XG), WFBS (9.5, 10.0)

References

https://success.trendmicro.com/solution/000151732

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 28, 2019
Vulnerability Reserved
Oct 17, 2019