Description
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Trend Micro / Trend Micro Apex One2019, SaaS – 2019, SaaS
- Trend Micro / Trend Micro OfficeScanXG SP1 – XG SP1
- Trend Micro / Trend Micro Worry-Free Business Security10.0 SP1 – 10.0 SP1