vulnerability

Trend Micro Apex One: CVE-2019-18188: Improper Neutralization of Special Elements used in a Command

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 28, 2019	Apr 29, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 28, 2019

Added

Apr 29, 2025

Modified

Jul 2, 2025

Description

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Solution

trend-micro-apex-one-upgrade-latest

References

CWE-77
CVE-2019-18188
https://attackerkb.com/topics/CVE-2019-18188
URL-https://success.trendmicro.com/solution/000151731

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today