CVE-2019-18188
HIGHTrend Micro Apex One - Authenticated Command Injection via Zip File Extraction
Title source: llmDescription
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000151731
Scores
CVSS v3
7.5
EPSS
0.0268
EPSS Percentile
86.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-77
Status
published
Products (1)
trendmicro/apex_one
2019
Published
Oct 28, 2019
Tracked Since
Feb 18, 2026