CVE-2019-9489
published 2019-04-05
CVE-2019-9489: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0)…
Priority P277 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 2.26% (80.8th percentile)
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trendmicro | apex_one | <= b1066 | — |
| trendmicro | apex_one_as_a_service | < 2019-03-27 | 2019-03-27 |
| trendmicro | business_security | — | — |
| trendmicro | officescan | — | — |
| trendmicro | officescan | — | — |
| trendmicro | worry-free_business_security | — | — |
| trendmicro | worry-free_business_security | — | — |
CVSS provenance
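| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vulncheck | | 7.5 | HIGH | |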
GHSA
GHSA-mj28-wpm2-q6cq: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11
ghsa_unreviewed·2022-05-13
CVE-2019-9489 [HIGH] CWE-22 GHSA-mj28-wpm2-q6cq: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11
VulnCheck
Trend Micro Apex One and Apex One as a Service Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2019·CVSS 7.5
CVE-2019-9489 [HIGH] Trend Micro Apex One and Apex One as a Service Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected: Trend Micro Apex One and Apex One as a Service
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_0_JPCERT_en.pdf; https://assets.sentinelone.com/c/Shadowpad?x=P42eqA
No detection rules found.
No public exploits indexed.
Threat Intel
Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
threat_intel·CVSS 7.8
[HIGH] Tonto Team (Tonto Team, Earth Akhlut, BRONZE HUNTLEY)
# Threat Actor Profile: Tonto Team
ATT&CK ID: G0131
Also known as: Tonto Team, Earth Akhlut, BRONZE HUNTLEY, CactusPete, Karma Panda
Suspected origin: China
## Overview
Tonto Team is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by 2020 they expanded operations to include other Asian as well as Eastern European countries. Tonto Team has targeted government, military, energy, mining, financial, education, healthcare, and technology organizations, including through the Heartbeat Campaign (2009-2012) and Operation Bitter Biscuit (2017).(Citation: Kaspersky CactusPete Aug 2020)(Citation: ESET Exchange Mar 2021)(Citation: FireEye Chinese Espionage October 2019)(Citation: ARS Te