Lucene search

[email protected]CVE-2019-9489

HistoryApr 05, 2019 - 11:29 p.m.

CVE-2019-9489

2019-04-0523:29:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2019-9489

trend micro

apex one

officescan

worry-free business security

directory traversal

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product’s management console.

Affected configurations

NVD

Node

trendmicroapex_oneRange≤b1066

trendmicroapex_one_as_a_serviceRange<2019-03-27

trendmicrobusiness_securityMatch9.0sp3

trendmicroofficescanMatch11.0sp1

trendmicroofficescanMatchxg

trendmicroofficescanMatchxgsp1

trendmicroworry-free_business_securityMatch9.5

trendmicroworry-free_business_securityMatch10.0

AND

microsoftwindowsMatch-

CPENameOperatorVersion
trendmicro:apex_onetrendmicro apex oneleb1066
trendmicro:apex_one_as_a_servicetrendmicro apex one as a servicelt2019-03-27
trendmicro:business_securitytrendmicro business securityeq9.0
trendmicro:officescantrendmicro officescaneq11.0
trendmicro:officescantrendmicro officescaneqxg
trendmicro:worry-free_business_securitytrendmicro worry-free business securityeq9.5
trendmicro:worry-free_business_securitytrendmicro worry-free business securityeq10.0

CPE	Name	Operator	Version
trendmicro:apex_one	trendmicro apex one	le	b1066
trendmicro:apex_one_as_a_service	trendmicro apex one as a service	lt	2019-03-27
trendmicro:business_security	trendmicro business security	eq	9.0
trendmicro:officescan	trendmicro officescan	eq	11.0
trendmicro:officescan	trendmicro officescan	eq	xg
trendmicro:worry-free_business_security	trendmicro worry-free business security	eq	9.5
trendmicro:worry-free_business_security	trendmicro worry-free business security	eq	10.0

CNA Affected

[
  {
    "product": "Apex One, OfficeScan, Worry-Free Business Security",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "Apex One"
      },
      {
        "status": "affected",
        "version": "OfficeScan XG"
      },
      {
        "status": "affected",
        "version": "OfficeScan 11.0"
      },
      {
        "status": "affected",
        "version": "Worry-Free Business Security 10"
      },
      {
        "status": "affected",
        "version": "Worry-Free Business Security 9.5"
      },
      {
        "status": "affected",
        "version": "Worry-Free Business Security 9.0"
      }
    ]
  }
]

References

success.trendmicro.com/jp/solution/1122253

success.trendmicro.com/solution/1122250

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVE-2019-9489

nessus2 prion1 cvelist1 nvd1