JPCERT-AT-2019-0034
JPCERT/CC
2019-09-10
Trend Micro Incorporated
Request to Apply the Latest Fixed Patch Regarding Multiple Attacks Exploiting Vulnerability (CVE-2019-9489) in Our Products (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3545
If the vulnerability (CVE-2019-9489) is exploited, an attacker may manipulate arbitrary files on a server running the affected products.
Trend Micro Incorporated
Regarding Directory Traversal Vulnerability (CVE-2019-9489) in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://success.trendmicro.com/jp/solution/1122253
Since the vulnerability is already being exploited in the wild, if you are using the affected products, it is recommended to update the affected system to the latest version as soon as possible.According to Trend Micro, it is recommended to check whether various settings including search settings have been changed as a way to check whether the attack has been made. For more information on the vulnerability, please refer to the information provided by Trend Micro.
- Virus Buster Corporate Edition XG SP1, XG and 11.0 SP1
- Virus Buster Business Security 10.0, 9.5 and 9.0
Please also refer to the additional information for the affected products and versions for this vulnerability as product name may differ in Japan and other countries.
Trend Micro Incorporated
SECURITY BULLETIN: Directory Traversal Vulnerability in Trend Micro Apex One, OfficeScan and Worry-Free Business Security
https://success.trendmicro.com/solution/1122250
JVNVU#94051551
Multiple Trend Micro products vulnerable to directory traversal
https://jvn.jp/en/vu/JVNVU94051551/
It is recommended to apply the patch as soon as possible.
- Virus Buster Corporate Edition XG Service Pack 1, Critical Patch (Build 5338)
- Virus Buster Corporate Edition XG Patch 1, Critical Patch 1 (Build 1933)
- Virus Buster Corporate Edition 11.0 Service Pack 1, Critical Patch (Build 6598)
- Virus Buster Business Security 10.0, Patch (Build 1531)
- Virus Buster Business Security 9.5, Critical Patch (Build 1487)
- Virus Buster Business Security 9.0 Service Pack 3, Critical Patch (Build 4394)
Trend Micro Incorporated
Request to Apply the Latest Fixed Patch Regarding Multiple Attacks Exploiting Vulnerability (CVE-2019-9489) in Our Products (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3545
Trend Micro Incorporated
Regarding Directory Traversal Vulnerability (CVE-2019-9489) in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://success.trendmicro.com/jp/solution/1122253
JVNVU#94051551
Directory Traversal Vulnerability in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://jvn.jp/vu/JVNVU94051551
Trend Micro Incorporated
SECURITY BULLETIN: Directory Traversal Vulnerability in Trend Micro Apex One, OfficeScan and Worry-Free Business Security
https://success.trendmicro.com/solution/1122250
JVNVU#94051551
Multiple Trend Micro products vulnerable to directory traversal
https://jvn.jp/en/vu/JVNVU94051551/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: ew-info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/
JPCERT/CC
2019-09-10
I. Overview
JPCERT/CC confirmed the information that the vulnerability (CVE-2019-9489)in multiple Trend Micro products such as Virus Buster Corporate Edition is exploited in the wild. Trend Micro has released alerts regarding this vulnerability.Trend Micro Incorporated
Request to Apply the Latest Fixed Patch Regarding Multiple Attacks Exploiting Vulnerability (CVE-2019-9489) in Our Products (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3545
If the vulnerability (CVE-2019-9489) is exploited, an attacker may manipulate arbitrary files on a server running the affected products.
Trend Micro Incorporated
Regarding Directory Traversal Vulnerability (CVE-2019-9489) in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://success.trendmicro.com/jp/solution/1122253
Since the vulnerability is already being exploited in the wild, if you are using the affected products, it is recommended to update the affected system to the latest version as soon as possible.According to Trend Micro, it is recommended to check whether various settings including search settings have been changed as a way to check whether the attack has been made. For more information on the vulnerability, please refer to the information provided by Trend Micro.
II. Affected Products
Affected products and versions are as follows:- Virus Buster Corporate Edition XG SP1, XG and 11.0 SP1
- Virus Buster Business Security 10.0, 9.5 and 9.0
Please also refer to the additional information for the affected products and versions for this vulnerability as product name may differ in Japan and other countries.
Trend Micro Incorporated
SECURITY BULLETIN: Directory Traversal Vulnerability in Trend Micro Apex One, OfficeScan and Worry-Free Business Security
https://success.trendmicro.com/solution/1122250
JVNVU#94051551
Multiple Trend Micro products vulnerable to directory traversal
https://jvn.jp/en/vu/JVNVU94051551/
III. Solution
Trend Micro has released a patch that addresses this vulnerability.It is recommended to apply the patch as soon as possible.
- Virus Buster Corporate Edition XG Service Pack 1, Critical Patch (Build 5338)
- Virus Buster Corporate Edition XG Patch 1, Critical Patch 1 (Build 1933)
- Virus Buster Corporate Edition 11.0 Service Pack 1, Critical Patch (Build 6598)
- Virus Buster Business Security 10.0, Patch (Build 1531)
- Virus Buster Business Security 9.5, Critical Patch (Build 1487)
- Virus Buster Business Security 9.0 Service Pack 3, Critical Patch (Build 4394)
IV. References
Trend Micro Incorporated
Request to Apply the Latest Fixed Patch Regarding Multiple Attacks Exploiting Vulnerability (CVE-2019-9489) in Our Products (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3545
Trend Micro Incorporated
Regarding Directory Traversal Vulnerability (CVE-2019-9489) in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://success.trendmicro.com/jp/solution/1122253
JVNVU#94051551
Directory Traversal Vulnerability in Virus Buster Corporate Edition and Virus Buster Business Security (Japanese)
https://jvn.jp/vu/JVNVU94051551
Trend Micro Incorporated
SECURITY BULLETIN: Directory Traversal Vulnerability in Trend Micro Apex One, OfficeScan and Worry-Free Business Security
https://success.trendmicro.com/solution/1122250
JVNVU#94051551
Multiple Trend Micro products vulnerable to directory traversal
https://jvn.jp/en/vu/JVNVU94051551/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (JPCERT/CC)
MAIL: ew-info@jpcert.or.jp
TEL: +81-3-6271-8901 FAX: +81-3-6271-8908
https://www.jpcert.or.jp/english/