CVE-2019-18188

Published: Oct 28, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Vendor	Product	Versions
Trend Micro	Trend Micro Apex One	affected `All`

References

https://success.trendmicro.com/solution/000151731

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-18188

Description

Affected Products

References