https://success.trendmicro.com/solution/000281948

https://www.tenable.com/security/research/tra-2020-62

The Trend Micro Worry-Free Business Security (WFBS) is affected by a remote file deletion vulnerability in cgiLog.exe due to improper validation of a user-supplied path prior to using it in a file operation when handling the BinaryDataBlock parameter in an HTTP request. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to delete arbitrary files on the system.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

CVE-2020-28574

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium