Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro — OfficeScan
- Added to KEV catalog
- 3 November 2021
- Federal remediation due date
- 3 May 2022
- Weakness classification (CWE)
- CWE-22
CISA Description
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-18187
More Trend Micro Vulnerabilities
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro Apex Central Arbitrary File Upload Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services