CVE-2019-9489

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGH

EPSS

0.6%

top 31.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Trendmicro Apex ONE AS A Service Trendmicro Apex ONE Trendmicro Business Security +2 more

Timeline

PublishedApr 5

Latest updateMay 13

Description

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDtrendmicro/worry-free_business_security10.0, 9.5+1

▶NVDtrendmicro/business_security9.0

▶NVDtrendmicro/apex_one_as_a_service< 2019-03-27

▶NVDtrendmicro/apex_oneb1066

▶NVDtrendmicro/officescan11.0, xg+1

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

3

GHSA

GHSA-mj28-wpm2-q6cq: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11↗2022-05-13

▶

CVEList

CVE-2019-9489: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11↗2019-04-05

▶

VulnCheck

Trend Micro Apex One and Apex One as a Service Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2019

▶

CVE-2019-9489 (HIGH CVSS 7.5) | A directory traversal vulnerability | cvebase.io