Vulnerability Details CVE-2020-8468
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Proposed Action
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Ransomware Campaign
Unknown
References
- https://success.trendmicro.com/jp/solution/000244253
- https://success.trendmicro.com/jp/solution/000244836
- https://success.trendmicro.com/solution/000245571
- https://success.trendmicro.com/solution/000245572
- https://success.trendmicro.com/jp/solution/000244253
- https://success.trendmicro.com/jp/solution/000244836
- https://success.trendmicro.com/solution/000245571
- https://success.trendmicro.com/solution/000245572
Products affected by CVE-2020-8468
-
cpe:2.3:a:trendmicro:apex_one:2019
-
cpe:2.3:a:trendmicro:officescan:xg
-
cpe:2.3:a:trendmicro:worry-free_business_security:10.0
-
cpe:2.3:a:trendmicro:worry-free_business_security:9.0
-
cpe:2.3:a:trendmicro:worry-free_business_security:9.5