A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
Conclusion & alert: CVE-2019-9489 is rated Moderate Risk (59.9/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.26%). Core evidence: EPSS rose +1.69% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.57% | 2.26% | +1.69% |
| 2 | 2025-03-30 | 0.91% | 0.57% | -0.34% |
| 3 | 2025-03-29 | — | 0.91% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.0 | HIGH |
|
3.9 | 3.6 | [email protected] |
| 5.0 | 2.0 | MEDIUM |
|
10.0 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| trendmicro | apex_one | <= b1066 | cpe:2.3:a:trendmicro:apex_one:*:*:*:*:*:*:*:* |
| trendmicro | apex_one_as_a_service | < 2019-03-27 | cpe:2.3:a:trendmicro:apex_one_as_a_service:*:*:*:*:*:*:*:* |
| trendmicro | business_security | 9.0 | cpe:2.3:a:trendmicro:business_security:9.0:sp3:*:*:*:*:*:* |
| trendmicro | officescan | 11.0 | cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:* |
| trendmicro | officescan | xg | cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:* |
| trendmicro | officescan | xg | cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:* |
| trendmicro | worry-free_business_security | 9.5 | cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:* |
| trendmicro | worry-free_business_security | 10.0 | cpe:2.3:a:trendmicro:worry-free_business_security:10.0:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://success.trendmicro.com/jp/solution/1122253 | Patch Vendor Advisory |
| https://success.trendmicro.com/solution/1122250 | Patch Vendor Advisory |