

Rewterz Threat Advisory – CVE-2019-18188 – Trend Micro Apex One Arbitrary File Upload with Command Injection Vulnerability
October 29, 2019
Rewterz Threat Alert – Recent Lazarus activity – IOC’s
October 29, 2019
Severity
High
Analysis Summary
A directory traversal vulnerability may allow an attacker to bypass authentication and log on to an affected product’s management console as a root user. The vulnerability does not require authentication.
Impact
Authentication bypass
Affected Vendors
Trend Micro
Affected Products
- Apex One (on premise) All (2019 before CP 2049)
- OfficeScan (OSCE) XG SP1
- OfficeScan (OSCE) XG
- OfficeScan (OSCE) 11.0 SP1
Remediation
Trend Micro has released the following solutions to address the issue:
- Apex One (on premise): CP 2049
- OfficeScan: XG SP1 CP 5427
- OfficeScan: XG CP 1962
- OfficeScan: 11.0 SP1 CP 6638
- Worry-Free Business Security: 10.0 SP1 Patch 2178
- Worry-Free Business Security: 10.0 Patch 1569
- Worry-Free Business Security: 9.5 CP 1513