CVE-2019-18187

Sažetak

Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.

Reference

https://success.trendmicro.com/solution/000151730
https://success.trendmicro.com/solution/000151730
https://web.archive.org/web/20200215171235/https://success.trendmicro.com/solution/000151730
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18187

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-10-2025 - 15:51

Objavljeno

28-10-2019 - 20:15