November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-18188 – Trend Micro Apex One Arbitrary File Upload with Command Injection Vulnerability
October 29, 2019Rewterz Threat Alert – Recent Lazarus activity – IOC’s
October 29, 2019Rewterz Threat Advisory – CVE-2019-18188 – Trend Micro Apex One Arbitrary File Upload with Command Injection Vulnerability
October 29, 2019Rewterz Threat Alert – Recent Lazarus activity – IOC’s
October 29, 2019
Severity
High
Analysis Summary
A directory traversal vulnerability may allow an attacker to bypass authentication and log on to an affected product’s management console as a root user. The vulnerability does not require authentication.
Impact
Authentication bypass
Affected Vendors
Trend Micro
Affected Products
- Apex One (on premise) All (2019 before CP 2049)
- OfficeScan (OSCE) XG SP1
- OfficeScan (OSCE) XG
- OfficeScan (OSCE) 11.0 SP1
Remediation
Trend Micro has released the following solutions to address the issue:
Apex One (on premise) : CP 2049
OfficeScan : XG SP1 CP 5427
OfficeScan : XG CP 1962
OfficeScan : 11.0 SP1 CP 6638
Worry-Free Business Security : 10.0 SP1 Patch 2178
Worry-Free Business Security : 10.0 Patch 1569
Worry-Free Business Security : 9.5 CP 1513