CVE-2019-18189
CRITICALTrend Micro Apex One/OfficeScan/Worry-Free Business Security - Path Traversal & Auth Bypass
Title source: llmDescription
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000151732
Scores
CVSS v3
9.8
EPSS
0.0060
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (5)
trendmicro/apex_one
trendmicro/officescan
11.0 sp1
trendmicro/officescan
xg (2 CPE variants)
trendmicro/worry-free_business_security
9.5
trendmicro/worry-free_business_security
10.0 (2 CPE variants)
Published
Oct 28, 2019
Tracked Since
Feb 18, 2026