CVE-2019-18188

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified)

Description The issue allows an attacker to exploit a command injection vulnerability, potentially leading to the extraction of files from an arbitrary zip file to a specific folder on the Apex One server. This could result in remote code execution (RCE). However, the remote process execution is restricted to the IUSR account, which has limited permissions and cannot make significant system changes. An attempted attack requires the attacker to have user authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.