CVE-2019-18188
CVE-2019-18188
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 4.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
28 oct 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.
Productos afectados
Trend Micro · Trend Micro Apex One¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →