CVE-2019-9489

Published Apr 5, 2019

Last updated 3 years ago

Overview

Description: A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
Source: security@trendmicro.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7EF3C5E-0D35-4588-A21D-0D1D0352B85E",
            "versionEndIncluding": "b1066"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:apex_one_as_a_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65520AF0-2CDB-41BC-A9DE-7EA03D860AAA",
            "versionEndExcluding": "2019-03-27"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:business_security:9.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCA71A35-CEF5-4B5A-B123-ACDE49EE2B31"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFFB25C1-828D-49C4-825D-43AF1A2B7A55"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "602A0266-B586-447A-A500-1145B77053E8"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E482D0E-3CC6-4D32-AC2E-6A506066ECAB"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:worry-free_business_security:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42643A4A-D30D-40C4-9325-1F3B67A163CB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References