Severity

Medium

Analysis Summary

CVE-2019-9489
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product’s management console.

Impact

Manipulation of data

Affected Vendors

Trend Micro

Affected Products

Trend Micro OfficeScan XG
The vulnerability is reported in versions prior to Server Build 1933 and Agent Build 1812 running on Windows.
Trend Micro OfficeScan 11.0

Remediation

Vendor has released patch/update for the following vulnerability.

Apply osce_xg_win_en_criticalpatch_1933.exe

or

osce_xg_sp1_win_en_criticalpatch_5338.exe