CVE-2020-25773Double Free in Micro Apex ONE

CWE-415Double Free3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 32.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedSep 29
Latest updateMay 24

Description

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/apex_one2019, saas+1
CVEListV5trend_micro/trend_micro_apex_one2009, SaaS

🔴Vulnerability Details

2
GHSA
GHSA-66q8-xjv5-xwwp: A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products2022-05-24
CVEList
CVE-2020-25773: A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products2020-09-28
CVE-2020-25773 — Double Free in Trend Micro Apex ONE | cvebase