CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24560

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-24560

Trendmicro » Antivirus+ 2019 » Version: 15.0

cpe:2.3:a:trendmicro:antivirus+_2019:15.0
Trendmicro » Internet Security 2019 » Version: 15.0

cpe:2.3:a:trendmicro:internet_security_2019:15.0
Trendmicro » Maximum Security 2019 » Version: 15.0

cpe:2.3:a:trendmicro:maximum_security_2019:15.0
Trendmicro » Officescan Cloud » Version: 15

cpe:2.3:a:trendmicro:officescan_cloud:15
Trendmicro » Premium Security 2019 » Version: 15.0

cpe:2.3:a:trendmicro:premium_security_2019:15.0
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24560

Products

Pricing

Contact Us