CVE-2020-8468

MEDIUM

Description

Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

References

https://success.trendmicro.com/jp/solution/000244253

https://success.trendmicro.com/jp/solution/000244836

https://success.trendmicro.com/solution/000245571

https://success.trendmicro.com/solution/000245572

Details

Source: MITRE

Published: 2020-03-18

Updated: 2020-03-19

Type: CWE-494

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:9.0:sp3:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:10.0:-:*:*:*:*:*:*

cpe:2.3:a:trendmicro:worry-free_business_security:10.0:sp1:*:*:*:*:*:*

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
134629	Trend Micro OfficeScan Multiple Vulnerabilities (000245571)	Nessus	Windows	critical
701274	Trend Micro Apex One and OfficeScan XG Arbitrary Code Execution	Nessus Network Monitor	Generic	high